From owner-freebsd-stable@FreeBSD.ORG Tue Oct 15 13:20:33 2013 Return-Path: Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 53918C15 for ; Tue, 15 Oct 2013 13:20:33 +0000 (UTC) (envelope-from lists@bsdcs.com) Received: from bsdcs.com (www.bsdcs.com [70.89.129.185]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 32BE922A5 for ; Tue, 15 Oct 2013 13:20:33 +0000 (UTC) Received: (qmail 61609 invoked by uid 89); 15 Oct 2013 13:19:03 -0000 Received: from unknown (HELO ?172.16.0.87?) (lists@bsdcs.com@172.16.0.87) by www.bsdcs.com with ESMTPA; 15 Oct 2013 13:19:03 -0000 Message-ID: <525D40E3.5010909@bsdcs.com> Date: Tue, 15 Oct 2013 06:19:31 -0700 From: BSDCS Lists User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: Rainer Duffner Subject: Re: question about PAM in 9.2 References: <20131015120529.0fdb56c2@suse3> In-Reply-To: <20131015120529.0fdb56c2@suse3> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@FreeBSD.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2013 13:20:33 -0000 On 10/15/2013 3:05 AM, Rainer Duffner wrote: > Hi, > > > we have been using pure-ftpd to authenticate via PAM from our > ldap-server for some time (the ldap-server was built in 2006...). > > > I've got the following in /etc/pam.d/pure-ftpd > > auth sufficient /usr/local/lib/pam_ldap.so > auth required pam_nologin.so > auth required pam_unix.so nullok > > account required pam_permit.so > > session required pam_permit.so > > > This worked from probably FreeBSD 5.0 and before (longer than I've been > at the company...) until 9.1, then, with the upgrade to 9.2, users can > no longer login (LDAP or local does not matter). > It has nothing to do with the versions of various ldap-related ports > (at least not obviously), because the same set of packages does work > with 9.1. > > Upon trying to login, this is in /var/log/messages: > > Oct 15 11:10:27 server1 pure-ftpd: in openpam_dispatch(): > pam_nologin.so: no pam_sm_setcred() > Oct 15 11:10:27 server1 pure-ftpd: in openpam_check_error_code(): > pam_sm_setcred(): unexpected return value > 4 Oct 15 11:10:30 server1 pure-ftpd: (?@127.0.0.1) [WARNING] > Authentication failed for user [demo] > > > > Can anyone shed any light on this? > > What did change between 9.1 and 9.2? Hello Rainer - I found this when searching for: "openpam_check_error_code():pam_sm_setcred(): unexpected return value 4" http://www.blissfulidiot.com/2010/11/pam-ldap-error-unexpected-return-value.html Randy Ricker > > > Best Regards, > Rainer > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"