
Re: Open socket not connected to any real process




Well, crap.  It turns out this isn't a problem.  PAM is configured for LDAP authentication and so it opens a connection each time I log in, owned by my sshd process, even though it's not using LDAP authentication for root.  And the other LDAP queries I'm seeing are being sent when users authenticate via sendmail.  Case closed!

On Wed, Mar 7, 2018 at 4:16 PM, David Parker <dparker@xxxxxxxxx> wrote:
Hello,

I have an SMTP server running Debian Wheezy (64-bit).  A few weeks ago, I stopped nscd on it, because it was holding a connection open to our LDAP server and sending a ton of unnecessary queries to it.

Even though nscd is not running, I am once again seeing nscd-type queries on the LDAP server from this SMTP server, and a connection is open from the SMTP server.  But I can't seem to figure out what process is using that connection.  Every time I check using netstat or lsof, it just reports that the socket is owned by my current sshd process.

An example:

root@smtp:~# netstat -anp | grep 389
tcp        0      0 <smtp-ip>:58786   <ldap-ip>:389    ESTABLISHED 10249/0
        
root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd    10249 root    4w  IPv4 86936230      0t0  TCP <smtp-ip>:58786-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10249
root     10249 17111  0 15:49 ?        00:00:00 sshd: root@pts/0
root     10251 10249  0 15:50 pts/0    00:00:00 -bash
root     10286 10251  0 15:54 pts/0    00:00:00 grep 10249


So I log out and back in, and the PID for this socket changes to my new sshd process:

root@smtp:~# netstat -anp | grep 389
tcp        0      0 <smtp-ip>:58798   <ldap-ip>:389    ESTABLISHED 10288/0

root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd    10288 root    4w  IPv4 86936319      0t0  TCP <smtp-ip>:58798-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10288
root     10288 17111  0 15:54 ?        00:00:00 sshd: root@pts/0
root     10290 10288  0 15:54 pts/0    00:00:00 -bash
root     10304 10290  0 15:55 pts/0    00:00:00 grep 10288


And all the while, LDAP queries continue to be sent over this connection.  Does anyone have any idea why I can't seem to track down the real process which is holding this socket open?

Thanks!
Dave

--
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177



--
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
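
The cross-check the thread relies on (which processes really hold the socket to port 389) can also be done straight from /proc, without netstat or lsof. This is an added example, not part of the original messages. The function names are its own, and it assumes a little-endian Linux host and IPv4 only.

```python
import os
import socket
import struct

ESTABLISHED = "01"  # "st" column value for an established TCP socket

def _addr(hexpair):
    """Decode 'IIIIIIII:PPPP' from /proc/net/tcp into (ip, port)."""
    ip_hex, port_hex = hexpair.split(":")
    # Assumption: little-endian host (x86/amd64), where the address word is byte-swapped.
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text, remote_port):
    """Return [(local, remote, inode)] for established IPv4 sockets to remote_port."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10 or f[3] != ESTABLISHED:
            continue
        local, remote = _addr(f[1]), _addr(f[2])
        if remote[1] == remote_port:
            rows.append((local, remote, int(f[9])))
    return rows

def holders(inode, proc_root="/proc"):
    """Return sorted [(pid, comm)] for every process holding an fd on the socket."""
    target = "socket:[%d]" % inode
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited or fd table not readable
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) != target:
                    continue
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    found.append((int(pid), fh.read().strip()))
                break  # one entry per process is enough
            except OSError:  # fd closed between listdir() and readlink()
                continue
    return sorted(found)

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        for local, remote, inode in parse_proc_net_tcp(fh.read(), 389):
            print(local, "->", remote, "inode", inode, "held by", holders(inode))
```

Run it as root so every process's fd directory is readable. A socket inherited across fork() shows up under each PID that still has it open, not only the first one found.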