From: Daniel Bond
Date: Tue, 18 Mar 2008 11:05:02 +0100
To: Valerio Daelli
Cc: freebsd-stable@freebsd.org
Subject: Re: Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0
Message-ID: <47DF93CE.9050406@danielbond.org>
In-Reply-To: <27dbfc8c0803180148q3aa8323ev8a06a25eef46257f@mail.gmail.com>

Valerio Daelli wrote:
| On Mon, Mar 17, 2008 at 5:03 PM, Daniel Bond wrote:
|> Hi,
|> Now, if I uncomment the line with pam_mkhomedir.so on it, logins stop
|> working. In /var/log/auth.log I now see two lines appearing:
|>
|> Mar 17 16:46:40 webmail sshd[98923]: nss_ldap: could not search LDAP server - Server is unavailable
|> Mar 17 16:46:40 webmail sshd[98923]: error: PAM: pam_open_session(): error in service module
|
| Hi
| not sure if this may solve your problem. We found a similar problem
| on FreeBSD 7.0 with pam_mkhomedir.so and sshd. We solved it using pam_exec.so
| and a custom shell script to create the home directories.
| Hope this helps
|
| Valerio Daelli

Hi, thanks for the quick reply.

This is a workaround that addresses the issue of users' homedir not
existing at login time, but there seems to be a serious problem in the
underlying pam_ldap/nss_ldap modules somewhere. I've noticed after posting
the previous post that ssh-pubkey/ssh-password authentication no longer
works with PAM/ldap-setups, which I need for our external developers.

I *really* want to find the underlying issue in this case, and resolve it.
I have got some days off over Easter where I will look deeper into it,
hoping to find an underlying issue, and create a patch. My only concern is
not being able to find the bug, so I'm very happy for any suggestions on
how to track this down, or any suspicions as to what could be causing the
problem.

Cheers and happy Easter,

Daniel Bond.
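
The pam_exec workaround mentioned in the quoted reply, sketched as an added example; it is not part of the original thread and is not the script Valerio Daelli's site used. The script path, the function name `make_home` and the return codes are assumptions; it covers directory creation only (no skeleton files) and treats the login name and home path as untrusted input because the script runs as root.

```sh
#!/bin/sh
# Added example: home-directory helper for pam_exec (hypothetical script).
# Assumed pam.d session line (path is a placeholder):
#   session  required  pam_exec.so  /usr/local/sbin/mkhome.sh
# pam_exec exports the login name as PAM_USER and runs the script as root.

# make_home USER HOME UID GID
# returns 0 = home present/created, 1 = mkdir or chown failed,
#         2 = unsafe input, 3 = path exists but is not a real directory
make_home() {
    user=$1 home=$2 uid=$3 gid=$4
    # Login name: no '/', no leading '-', only portable characters.
    case $user in
        ''|-*|.|..|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    # Home must be absolute and free of '..' components.
    case $home in
        */../*|*/..) return 2 ;;
        /*) ;;
        *) return 2 ;;
    esac
    # Never follow or adopt a symlink or file planted at the target path.
    if [ -L "$home" ]; then return 3; fi
    if [ -e "$home" ]; then
        if [ -d "$home" ]; then return 0; fi
        return 3
    fi
    # No -p: the parent must already exist, and losing a creation race fails.
    mkdir -m 0700 "$home" || return 1
    # Hand the directory over only when running privileged (as under PAM).
    if [ "$(id -u)" -eq 0 ]; then
        chown "$uid:$gid" "$home" || return 1
    fi
    return 0
}

# Entry point: runs only when pam_exec has set PAM_USER.
if [ -n "${PAM_USER:-}" ]; then
    # Validate before the name reaches getent's argument list.
    case $PAM_USER in -*|*[!A-Za-z0-9._-]*) exit 2 ;; esac
    entry=$(getent passwd "$PAM_USER") || exit 1
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    IFS=: read -r name _pw uid gid _gecos home _shell <<EOF
$entry
EOF
    make_home "$name" "$home" "$uid" "$gid"
    exit $?
fi
```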