Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Oct 2003 14:39:19 +0400
From:      =?koi8-r?B?5MXK1MXSIOHMxcvTwc7E0iD3wczF0tjF18ne?= <tiamat@komi.mts.ru>
To:        <freebsd-current@freebsd.org>
Cc:        "Jacques A. Vidrine" <nectar@freebsd.org>
Subject:   bug in NSS ?
Message-ID:  <003801c396f6$6b00ed90$b901320a@komi.mts.ru>

next in thread | raw e-mail | index | archive | help
I have a problem with nss_ldap on FreeBSD.
After tranfer users from /etc/passwd to ldap directories my users cannot
send a mail via /usr/bin/mail | /usr/sbin/sendmail  program:

ldap_user$ id
uid=1000(test) gid=1000(test) groups=1000(test)

ldap_user$ pw usershow test
test:*:1000:1000::0:0:test:/tmp:/bin/sh

ldap_user$ ldapsearch -h server -b 'dc=komi,dc=mts,dc=ru' '(uid=test)'
dn: cn=test,dc=komi,dc=mts,dc=ru
cn: test
objectClass: posixAccount
objectClass: account
uid: test
userPassword: test
loginShell: /bin/csh
homeDirectory: /tmp
gecos: test
description: test
uidNumber: 1000
gidNumber: 1000

ldap_user$ date|mail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Mon, 20 Oct 2003
13:58:12 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH CRAM-MD5
334 PDUyMzg4MDAuOTY3OTM0N0BwYy1kYXYua29taS5tdHMucnU+
AUTH FAIL=needs user interaction (2)
>>> *
501 5.0.0 AUTH aborted
>>> MAIL From:<test@server.komi.mts.ru> SIZE=39 AUTH=test@server.komi.mts.ru
250 2.1.0 <test@server.komi.mts.ru>... Sender ok
>>> RCPT To:<root@server.komi.mts.ru>
>>> DATA
250 2.1.5 <root@server.komi.mts.ru>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9K9wCNK012427 Message accepted for delivery
root... Sent (h9K9wCNK012427 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

for user from /etc/passwd this work fine:

$ date|mail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Mon, 20 Oct 2003
14:03:30 +0400 (MSD)
>>> EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH CRAM-MD5
334 PDE4NDMxNzM5MTcuOTY3OTY2NUBwYy1kYXYua29taS5tdHMucnU+
>>> c21tc3AgZmQ4NGQwYzA3MzU0MzQ2NDU5ZjI1Y2QzZTgyMjg1YjE=
235 2.0.0 OK Authenticated
>>> MAIL From:<pgsql@server.komi.mts.ru> SIZE=39
AUTH=pgsql@server.komi.mts.ru
250 2.1.0 <pgsql@server.komi.mts.ru>... Sender ok
>>> RCPT To:<root@server.komi.mts.ru>
>>> DATA
250 2.1.5 <root@server.komi.mts.ru>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9KA3UNK012452 Message accepted for delivery
root... Sent (h9KA3UNK012452 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.komi.mts.ru closing connection

/etc/nsswitch.conf:
passwd: files ldap
group:  files ldap

sendmail configuration:

submit.mc:
divert(0)dnl
VERSIONID(`$Id: submit.mc,v 8.6.2.7 2003/09/10 22:11:56 ca Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
FEATURE(`authinfo', `hash -o /etc/mail/msp-authinfo')
FEATURE(`msp', `[127.0.0.1]')dnl

sendmail.mc:
divert(0)
VERSIONID(`$FreeBSD: mc,v 1.28 2003/04/18 01:25:41 gshapiro Exp $')
OSTYPE(freebsd5)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
define(`_REC_AUTH_', `_REC_FULL_AUTH_')
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN')
MAILER(local)
MAILER(smtp)

LOCAL_RULESETS
SLocal_trust_auth
R$*     $: $&{auth_authen}
Rsmmsp  $# OK

/etc/mail/msp-authinfo:
AuthInfo:127.0.0.1      "U:smmsp" "P:smmsp" "M:CRAM-MD5"

# sasldblistusers2
smmsp@server.komi.mts.ru: userPassword

On Solaris 8 (with same version cyrus-sasl, nss_ldap, openldap and sendmail)
the same user test can send mail success:

ldap_user$ id
uid=1000(test) gid=1000(test)

ldap_user$ ldapsearch -h server -b 'dc=komi,dc=mts,dc=ru' '(uid=test)'
cn=test,dc=komi,dc=mts,dc=ru
cn=test
objectClass=posixAccount
objectClass=account
uid=test
userPassword=test
loginShell=/bin/csh
homeDirectory=/tmp
gecos=test
description=test
uidNumber=1000
gidNumber=1000

ldap_user$ date|sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 sunos.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Mon, 20 Oct 2003
14:19:31 +0400 (MSD)
>>> EHLO sunos.komi.mts.ru
250-sunos.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> AUTH CRAM-MD5
334 PDI3NzMzNDkwMzguOTY4MDYyN0BzaGl2YS5rb21pLm10cy5ydT4=
>>> c21tc3AgODU0MjcyYzBmODE1ZDI3MjM0Yjk3OWM4MjE1ZDQ0MTc=
235 2.0.0 OK Authenticated
>>> MAIL From:<test@sunos.komi.mts.ru> SIZE=29 AUTH=test@sunos.komi.mts.ru
250 2.1.0 <test@sunos.komi.mts.ru>... Sender ok
>>> RCPT To:<root@sunos.komi.mts.ru>
>>> DATA
250 2.1.5 <root@sunos.komi.mts.ru>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 h9KAJVED002747 Message accepted for delivery
root... Sent (h9KAJVED002747 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 sunos.komi.mts.ru closing connection

Any ideas ?

Thanks!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003801c396f6$6b00ed90$b901320a>