Date: Thu, 28 Jan 2010 23:04:07 +0100
From: Piotr Buliński <bulinskp@iem.pw.edu.pl>
To: freebsd-questions@freebsd.org
Subject: Problem with sftp server, static linking, pam and nss_ldap.
Message-ID: <CD27E95B-A0D6-46CA-A122-7F867630D5C4@iem.pw.edu.pl>
Hello,

recently we moved our users database to an LDAP server, but after that sftp stopped working on our students server.

We use:
- OpenLDAP 2.4.21
- nss_ldap-1.265_3
- pam_ldap-1.8.5
- FreeBSD 9.0-CURRENT amd64

When I use sftp, it drops the connection:

{volt}-{~}% sftp localhost
Connecting to localhost...
Connection closed
{volt}-{~}%

After a short investigation, I've found that the problem is in the /usr/libexec/sftp-server program (which is our default subsystem in sshd):

{volt}-{~}% /usr/libexec/sftp-server
No user found for uid 5567
{volt}-{~}%

which was quite weird, because sshd works perfectly with users from the LDAP server (so I assume that PAM is configured correctly).

After that, I've tried to make a simple test with the program below:

=======================
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
    struct passwd *user_pw;

    /* Resolve our own uid through the NSS passwd database (files, ldap, ...). */
    if ((user_pw = getpwuid(getuid())) == NULL) {
        fprintf(stderr, "No user found for uid %lu\n",
            (u_long)getuid());
        return 1;
    } else {
        fprintf(stderr, "It works %s!\nYour uid is: %lu\n",
            user_pw->pw_name, (u_long)getuid());
    }
    return 0;
}
=======================

which is almost copy-pasted from /usr/src/crypto/openssh/sftp-server-main.c

I've built it twice. Once with dynamic linking:

{volt}-{~}% cc -o test test.c
{volt}-{~}% ./test
It works bulinskp!
Your uid is: 5567
{volt}-{~}%

and another one with static linking:

{volt}-{~}% cc -o test -static test.c
{volt}-{~}% ./test
No user found for uid 5567
{volt}-{~}%

As you can see, it works great with dynamic linking, but if it's built with static linking it can't get user information from the LDAP database.
Could you be so kind as to help me better understand this problem and find some solution for it (I spent some time trying to find it, but this is probably beyond my scope)? I would really appreciate any tip.

Below is information about my PAM and NSS configuration:

{volt}-{~}% cat /etc/nsswitch.conf | grep passwd
passwd: files ldap
{volt}-{~}%

{volt}-{~}% cat /etc/pam.d/sshd | grep -v "^#" | grep -v "^$"
auth        sufficient  pam_opie.so                  no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so            no_warn allow_local
auth        requisite   /usr/local/lib/pam_af.so     debug
auth        sufficient  /usr/local/lib/pam_ldap.so   no_warn
auth        required    pam_unix.so                  no_warn try_first_pass
account     required    pam_nologin.so
account     required    pam_login_access.so
account     required    /usr/local/lib/pam_ldap.so   no_warn ignore_authinfo_unavail ignore_unknown_user
account     required    pam_unix.so
session     required    pam_permit.so
session     sufficient  /usr/local/lib/pam_ldap.so   no_warn try_first_pass
password    required    pam_unix.so                  no_warn try_first_pass
{volt}-{~}%

regards
-- 
Piotr Buliński
Informatyka na Wydziale Elektrycznym
Politechnika Warszawska
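A check for the failure mode described in this thread, added here as an example and not part of the original post: a statically linked sftp subsystem binary cannot dlopen() the nss_ldap module, so every passwd source other than "files" in nsswitch.conf is silently ignored. The script assumes file(1) is installed and treats the default /etc/ssh/sshd_config and /etc/nsswitch.conf paths as assumptions that can be overridden by arguments.

```sh
#!/bin/sh
# Added example, not from the original post: flag an sftp subsystem binary
# that is statically linked while nsswitch.conf routes passwd lookups to a
# source such as ldap, whose NSS module a static binary cannot dlopen().

# Print the passwd sources other than "files", space-separated on one line.
passwd_extra_sources() {
    sed -n 's/^[[:space:]]*passwd:[[:space:]]*//p' "$1" \
        | tr -s '[:space:]' '\n' | grep -v '^files$' | grep -v '^$' \
        | tr '\n' ' ' | sed 's/ $//'
}

# Print the program configured by the first "Subsystem sftp" line.
sftp_subsystem() {
    sed -n 's/^[[:space:]]*[Ss]ubsystem[[:space:]]\{1,\}sftp[[:space:]]\{1,\}//p' "$1" \
        | awk 'NR == 1 { print $1 }'
}

# Succeed when file(1) reports a statically linked executable (assumes file(1)).
is_static() {
    file -L "$1" 2>/dev/null | grep -q 'statically linked'
}

# Return 0 when $1 can honour the passwd sources in $2, 1 when it is static
# and a non-files source is configured, 2 when the binary does not exist.
check_binary() {
    [ -f "$1" ] || { echo "ERR: $1 not found"; return 2; }
    extra=$(passwd_extra_sources "$2")
    if [ -z "$extra" ]; then
        echo "OK: $1 (passwd uses files only)"
    elif is_static "$1"; then
        echo "WARN: $1 is statically linked; passwd source(s) '$extra' will be ignored"
        return 1
    else
        echo "OK: $1 is dynamically linked; passwd source(s) '$extra' are usable"
    fi
}

# Resolve the sftp subsystem from sshd_config and check it; "internal-sftp"
# runs inside sshd itself, so then the sshd binary is what must be dynamic.
audit_sftp() {
    sub=$(sftp_subsystem "${1:-/etc/ssh/sshd_config}")
    case $sub in
        "")            echo "no sftp subsystem configured"; return 0 ;;
        internal-sftp) sub=$(command -v sshd || echo /usr/sbin/sshd) ;;
    esac
    check_binary "$sub" "${2:-/etc/nsswitch.conf}"
}
```

Source the file and run `audit_sftp` (optionally with your own sshd_config and nsswitch.conf paths); a WARN line means sftp logins for LDAP-only users will fail exactly as in the post.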