  1. #1
    Just Joined!
    Join Date
    Sep 2009
    Posts
    4

    having authentication problems on DMZ servers - Likewise Open


    We recently rolled out Likewise Open in our environment to address the need to authenticate our Linux servers against Active Directory (AD). We were previously accomplishing this using the pam_smb module, but after we updated our Domain Controllers to Windows 2008, several users were experiencing problems logging into RHEL servers with their AD credentials.

    Long story short - we rolled out Likewise Open, which allowed us to make all of our RHEL3/4/5 servers join our Active Directory domain with a very high success rate.

    However, now we have a handful of systems residing in the DMZ that are experiencing intermittent problems authenticating users, whether they are local accounts like root or network accounts from AD. The servers will respond to ping but we cannot SSH to them or even log in from the console. This happens every other day and the only fix we have so far is to reboot the system, only to see the problem return within a short amount of time.

    When I look in the /var/log/secure log file, I see the following error appear:

    sshd[6843]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

    After searching through the almighty Google, I see references to IPv6 being the culprit, but I have gone through all of the steps to disable IPv6 and the problem still persists.

    Does anyone have any experience with this kind of problem?

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    For fun, let's take a look at your system with the issues. Run the following and post the output:

    Code:
    lsof -i :22
    If you do not have lsof installed, try the following:

    Code:
    netstat -a |grep LISTEN |grep :ssh

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Sep 2009
    Posts
    4
    Here's the output:

    [root@hostname bin]# lsof -i :22

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

    sshd 6307 root 3u IPv6 49988 TCP hostname:ssh->IP Address:47492 (ESTABLISHED)
    sshd 6310 hb19867 3u IPv6 49988 TCP hostname:ssh->->IP Address:47492 (ESTABLISHED)
    sshd 6540 root 3u IPv6 51410 TCP *:ssh (LISTEN)

    [root@hostname bin]# netstat -a |grep LISTEN|grep :ssh

    tcp 0 0 *:ssh *:* LISTEN

  5. #4
    Just Joined!
    Join Date
    Sep 2009
    Posts
    4
    Not sure if this will help right now or not, since this is one of those times I can actually get into the server :-/

  6. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Originally posted by aspiringuru:
    sshd 6540 root 3u IPv6 51410 TCP *:ssh (LISTEN)
    Here is your problem. It tells you that port 22 is bound to IPv6. If you are not using IPv6 you should shut it totally off.

    Edit /etc/sysconfig/network and make sure that IPv6 is set to NO:
    Code:
    NETWORKING_IPV6=no
    Edit /etc/modprobe.conf and add these lines:
    Code:
    alias net-pf-10 off
    alias ipv6 off
    Stop the IPv6 firewall from starting on boot:
    Code:
    chkconfig ip6tables off
    Stop the ip6tables service:
    Code:
    service ip6tables stop
    If the server is local to you, restart network services:
    Code:
    service network restart

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
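
An added example, not part of the thread: on Linux, an IPv6 wildcard listener that does not set `IPV6_V6ONLY` also covers the IPv4 port, so a later bind to 0.0.0.0 on that port fails with "Address already in use", the pairing of log line and `lsof` output shown above. The helper names are hypothetical, and a kernel-chosen free port stands in for 22 so the script needs no root.

```python
import errno
import socket


def try_bind(family, addr, port, v6only=None):
    """Bind a listening TCP socket; return (socket, None) or (None, errno)."""
    s = socket.socket(family, socket.SOCK_STREAM)
    try:
        if v6only is not None:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        s.bind((addr, port))
        s.listen(1)
        return s, None
    except OSError as exc:
        s.close()
        return None, exc.errno


def probe(v6only):
    """Open an IPv6 wildcard listener, then try 0.0.0.0 on the same port.

    Returns the errno of the IPv4 bind (None on success), or the string
    "no-ipv6" when the host cannot create the IPv6 listener at all.
    """
    try:
        v6, _ = try_bind(socket.AF_INET6, "::", 0, v6only=v6only)
    except OSError:  # AF_INET6 unsupported, e.g. the ipv6 module is disabled
        return "no-ipv6"
    if v6 is None:
        return "no-ipv6"
    port = v6.getsockname()[1]  # kernel-chosen free port, stands in for 22
    v4, err4 = try_bind(socket.AF_INET, "0.0.0.0", port)
    if v4:
        v4.close()
    v6.close()
    return err4


if __name__ == "__main__":
    for flag in (False, True):
        res = probe(flag)
        name = errno.errorcode.get(res, res) if res else "bind succeeded"
        print(f"IPV6_V6ONLY={int(flag)}: IPv4 bind on same port -> {name}")
```

On a host where IPv6 has been fully disabled, both runs report `no-ipv6`, which is a quick check that the module is really off.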
