I'm debugging an LDAP problem after an LDAP client machine was upgraded to Ubuntu 18.04. Trying to figure out where the problem is, I noticed the outbound connection is in SYN_SENT, but when I use tcpdump to capture it, neither the server's nor the client's tcpdump has any data about that specific connection, as if it were stuck in the kernel's TCP stack. Is there any possible problem that could cause this symptom?
Some background:
LDAP server: Ubuntu 16.04.5; LDAP client: Ubuntu 18.04.1
LDAP client programs: pam_ldap and systemd-logind (which uses nss-ldap)
pam_ldap can connect to the LDAP server and bind without problem, and tcpdump captures the packets.
systemd-logind always complains about "do_start_tls failed: stat=-1", netstat shows SYN_SENT, and tcpdump captures no outbound packet.
The same configuration on 16.04 works without any problem.
Best Answer
Disable AppArmor completely and this problem is solved. It seems that AppArmor blocked systemd-logind's outbound connection.
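To confirm which AppArmor profile is doing the blocking before deciding what to change, the denial shows up in the kernel/audit log as an apparmor="DENIED" line with the process name in comm=. The script below is an added example, not part of the original question or answer: it filters such lines for one process and prints the profile, operation and socket family. The log lines in SAMPLE_LOG are constructed samples in the real audit-record format; on a live system you would feed it "journalctl -k" or /var/log/kern.log instead.

```shell
#!/usr/bin/env bash
# Added example: extract AppArmor denials for a given process name.
# SAMPLE_LOG is constructed test data in the kernel audit format; on a real
# host pipe in:  journalctl -k | apparmor_denials systemd-logind
SAMPLE_LOG='kernel: audit: type=1400 audit(1536000000.123:45): apparmor="DENIED" operation="create" profile="/usr/lib/systemd/systemd-logind" pid=1234 comm="systemd-logind" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
kernel: audit: type=1400 audit(1536000000.456:46): apparmor="ALLOWED" operation="open" profile="/usr/lib/systemd/systemd-logind" name="/etc/ldap.conf" pid=1234 comm="systemd-logind" requested_mask="r"
kernel: audit: type=1400 audit(1536000001.789:47): apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" pid=999 comm="cupsd" family="unix" sock_type="stream"'

# field KEY LINE: print the quoted value of KEY="..." in LINE (empty if absent).
field() {
  printf '%s\n' "$2" | sed -nE "s/.*[[:space:]]$1=\"([^\"]*)\".*/\1/p"
}

# apparmor_denials COMM: read log text on stdin and print one line per
# DENIED record whose comm= equals COMM: "<profile> <operation> <family>/<sock_type>".
apparmor_denials() {
  comm="$1"
  grep 'apparmor="DENIED"' | grep "comm=\"$comm\"" | while IFS= read -r line; do
    printf '%s %s %s/%s\n' \
      "$(field profile "$line")" "$(field operation "$line")" \
      "$(field family "$line")" "$(field sock_type "$line")"
  done
}

# Demo on the constructed data: only the systemd-logind socket denial is reported.
printf '%s\n' "$SAMPLE_LOG" | apparmor_denials systemd-logind
```

Once the denying profile is known, "aa-complain <profile>" (apparmor-utils) switches that single profile to complain mode and "aa-logprof" proposes the missing rule (here a "network inet stream," entry), which keeps the rest of AppArmor enforcing.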