Technical Blog Post
Abstract
When invoking the direct command I receive the following errors on Connect:Direct UNIX - XSEC000I XAPI005I
Body
When invoking the direct command I receive the following errors on Connect:Direct UNIX:
Failed to obtain connection to Connect:Direct server, exiting.
XSEC000I Return Code: 8 Feedback: 0
XAPI005I Return Code: 8 Feedback: 0
ndm_auth failure.
Connect:Direct CLI Terminated...
Errors found in the work log:
STAR=20151101 12:51:44|CCOD=8|RECI=XSEC|RECC=CAEV|TZDI=-18000|MSGI=XSEC003I|MSGT=Wrong password. Message ID XSEC003I, rc=8, fdbk=0.
STAR=20151101 12:51:44|SSTA=20151101 12:51:44|STRT=20151101 12:51:44|CCOD=8|RECI=SGON|RECC=CAEV|TZDI=-18000|MSGI=XCMM043I|MSGT=User sign on failed. Error = XSEC003I
STAR=20151101 12:51:44|RECI=CXIT|RECC=CAEV|TZDI=-18000|MSGT=CMGR exited. Pid=10009. Exitcode=0.
Errors found in the trace file:
PID=19063 11/01 09:47:02:652648 -> sdcf_fileread
=19063 cfh: 0x0860B878
=19063 buffer: 0xFF9DA980
=19063 key: authentication
=19063 <- sdcf_fileread: found authentication
=19063 <- sdcf_read: record ok
=19063 ndm_auth: getpwuid returned null for uid 3007230, errno is 0
=19063 ndm_auth: got
auth_results:os.ok=0:os.user=:requested.user=:client.host=ironman:algorithm=MRLN:encryption=SIMP:error=0:errmsg=XSEC000I:used.eff.uid=0:real.user=:
Example of a successful sign on:
PID=20727 11/02 11:18:28:505312 -> sdcf_fileread
=20727 cfh: 0x0810D730
=20727 buffer: 0xFF90D770
=20727 key: authentication
=20727 <- sdcf_fileread: found authentication
=20727 <- sdcf_read: record ok
=20727 ndm_auth: effective user is cd41
=20727 ndm_auth: got auth_results:os.ok=1:os.user=cd41:requested.user=cd41:client.host=ironman:algorithm=MRLN:encryption=SIMP:error=0:errmsg=XSEC000I:used.eff.uid=0:real.user=cd41:
From an application standpoint, we're making a valid system call to getpwuid() using uid 3007230, and it's returning null with an 0 errno. According to the getpwuid man page, errno 0 means:
RETURN VALUE
The getpwnam() and getpwuid() functions return a pointer to a passwd structure, or NULL if
the matching entry is not found or an error occurs. If an error occurs, errno is set
and
ERRORS
0 or ENOENT or ESRCH or EBADF or EPERM or ...
The given name or uid was not found.
Assuming 3007230 is the correct uid for the user ID (login as the user ID and issue id command to verify), it doesn't look like the getpwuid system call is able to find a match in the password database, LDAP in this case.
Missing 32bit libraries on Red Hat Linux causes authentication errors when the user accounts for Connect:Direct UNIX are configured in LDAP
C:D being a 32 bit application running on 64 bit OS requires 32 bit /lib/libnss_sss.so.2 library, which is provided by 32 bit sssd-client.i686.
[root] $ yum search sssd-client.i686
Loaded plugins: product-id, refresh-packagekit, rhnplugin, subscription-manager
This system is receiving updates from RHN Classic or Red Hat Satellite.
Warning: No matches found for: sssd-client.i686
No Matches found
Notes: The system environment is Red Hat Enterprise Server 64 bit, Connect:Direct 4.1.04
You need to be at latest maintenance to get the diagnostic trace output.
All users are configured on a LDAP server.
The PAM configuration does not come into play for CLI connections.
UID
ibm11123917