Red Hat Bugzilla – Bug 116282
Turn on ldap, su - gets segmentation fault
Last modified: 2007-11-30 17:07:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Description of problem:
I turned on LDAP authentication using 'authconfig'. I didn't select
the TLS option.
After that, su - fails with the following error message:
% su -
free(): invalid pointer 0x8055708!
If I turn off nscd, I get the following error message:
If I turn on off the LDAP configuration, su - works fine.
This doesn't happen with Redhat Enterprise Linux 2.1, nor does it
happen with Redhat 9.0. It only happens on Redhat Enterprise Linux
I'm guessing the bug is in nss_ldap since turning on ldap caused the
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Turn on LDAP configuration without TLS turned on
2. Type 'su -'
Actual Results: Segmentation fault
Expected Results: Should have allowed the user to become root
If I change all lines in /etc/pam.d/system-auth from:
it no longer seg faults. However, I read that changing this isn't a
good idea because some things will break. Don't know if that's true
I have found that, in order to make "su" not segfault with pam_ldap
enabled, I had to disable the line in /etc/pam.d/system-auth:
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
by commenting it out. I still can't get in with ssh. RHELU1 things
there is an authentication failure happening (actually, sshd sefaults
in -d -d -d mode).
My /etc/ldap.conf file looks like this:
host a.b.c.d a.b.c.e
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
Under Fedora (1.90) this configuration file works like a charm with
x86_64 (both AS and WS) on Opteron does not have this problem. I have
three systems configured to use the same LDAP server (openldap in
exactly the same way, and the i386 WS is the only one that seg faults.
I can login as root on both the console and via ssh, but if I try to
su, I get a segmentation fault.
Read Bug ID #115399 to see if my posting applies to you regarding
For my problem I don't have any spaces in the group names (I didn't
even know that was allowed), so it appears that the comment in
#115399 doesn't apply in my case.
We are also experiencing this bug on RHAS3/i386 (update 2 and 3), our
opteron machines running RHAS3/amd64 don't have this issue.
We did notice that if we boot the system with less memory everything
works just fine. Booting with 4GB of ram will make su segfault,
booting with only 512MB ram will make su work fine. (our opterons have
12GB of ram in them)
Do note that this only happens when doing when executing "su - <user>"
as a regular user. When we execut "su - <user>" as root we do not have
Turning off nscd will make su - work fine as well, regretfully
performance will plummet so this is not an option.
We do not use any ldap groups or users with spaces in them, our ldap
server is Windows 2003.
Here I have the same problem, but also *without* running nscd. In
fact, nscd won't start (it might fail for the same reason, I didn't
investigate). Also "getent passwd", "getent group", etc. segfault.
FWIW, we're talking to an OpenLDAP 2.0.27 server.
*** This bug has been marked as a duplicate of 114575 ***