From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Description of problem: I turned on LDAP authentication using 'authconfig'. I didn't select the TLS option. After that, su - fails with the following error message: % su - Password: free(): invalid pointer 0x8055708! Segmentation fault If I turn off nscd, I get the following error message: su - Password: Segmentation fault If I turn on off the LDAP configuration, su - works fine. This doesn't happen with Redhat Enterprise Linux 2.1, nor does it happen with Redhat 9.0. It only happens on Redhat Enterprise Linux 3.0. I'm guessing the bug is in nss_ldap since turning on ldap caused the problem. Version-Release number of selected component (if applicable): nss_ldap-207-2 How reproducible: Always Steps to Reproduce: 1. Turn on LDAP configuration without TLS turned on 2. Type 'su -' 3. Actual Results: Segmentation fault Expected Results: Should have allowed the user to become root Additional info: If I change all lines in /etc/pam.d/system-auth from: lib/security/$ISA/pam_unix.so ... to /lib/security/$ISA/pam_pwdb.so ... it no longer seg faults. However, I read that changing this isn't a good idea because some things will break. Don't know if that's true or not??
I have found that, in order to make "su" not segfault with pam_ldap enabled, I had to disable the line in /etc/pam.d/system-auth: account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so by commenting it out. I still can't get in with ssh. RHELU1 things there is an authentication failure happening (actually, sshd sefaults in -d -d -d mode). My /etc/ldap.conf file looks like this: host a.b.c.d a.b.c.e base dc=edu ldap_version 3 binddn ldap_user.edu bindpw ldap_password port 3268 scope sub nss_map_objectclass posixAccount User nss_map_attribute uid sAMAccountName nss_map_attribute uniqueMember Member pam_login_attribute sAMAccountName pam_filter objectclass=User pam_password md5 ssl start_tls tls_checkpeer no Under Fedora (1.90) this configuration file works like a charm with nss_ldap-212-1.
x86_64 (both AS and WS) on Opteron does not have this problem. I have three systems configured to use the same LDAP server (openldap in exactly the same way, and the i386 WS is the only one that seg faults. I can login as root on both the console and via ssh, but if I try to su, I get a segmentation fault.
Read Bug ID #115399 to see if my posting applies to you regarding this issue.
For my problem I don't have any spaces in the group names (I didn't even know that was allowed), so it appears that the comment in #115399 doesn't apply in my case.
We are also experiencing this bug on RHAS3/i386 (update 2 and 3), our opteron machines running RHAS3/amd64 don't have this issue. We did notice that if we boot the system with less memory everything works just fine. Booting with 4GB of ram will make su segfault, booting with only 512MB ram will make su work fine. (our opterons have 12GB of ram in them) Do note that this only happens when doing when executing "su - <user>" as a regular user. When we execut "su - <user>" as root we do not have this issue. Turning off nscd will make su - work fine as well, regretfully performance will plummet so this is not an option. We do not use any ldap groups or users with spaces in them, our ldap server is Windows 2003.
Here I have the same problem, but also *without* running nscd. In fact, nscd won't start (it might fail for the same reason, I didn't investigate). Also "getent passwd", "getent group", etc. segfault. FWIW, we're talking to an OpenLDAP 2.0.27 server.
*** This bug has been marked as a duplicate of 114575 ***