Date: Tue, 18 Mar 2008 11:05:02 +0100 From: Daniel Bond <db@danielbond.org> To: Valerio Daelli <valerio.daelli@gmail.com> Cc: freebsd-stable@freebsd.org Subject: Re: Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0 Message-ID: <47DF93CE.9050406@danielbond.org> In-Reply-To: <27dbfc8c0803180148q3aa8323ev8a06a25eef46257f@mail.gmail.com> References: <47DE9638.6080609@danielbond.org> <27dbfc8c0803180148q3aa8323ev8a06a25eef46257f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valerio Daelli wrote: | On Mon, Mar 17, 2008 at 5:03 PM, Daniel Bond <db@danielbond.org> wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Hi, |> Now, if I uncomment the line with pam_mkhomedir.so on it, logins stop to |> work. In /var/log/auth.log I now see two lines appearing: |> |> Mar 17 16:46:40 webmail sshd[98923]: nss_ldap: could not search LDAP |> server - Server is unavailable |> Mar 17 16:46:40 webmail sshd[98923]: error: PAM: pam_open_session(): |> error in service module | | Hi | not sure if this may solve your problem. We found a similar problem | on FreeBSD 7.0 with pam_mkhomedir.so and sshd. We solved using pam_exec.so | and a custom shell script to create the home directories. | Hope this help | | Valerio Daelli | _______________________________________________ | freebsd-stable@freebsd.org mailing list | http://lists.freebsd.org/mailman/listinfo/freebsd-stable | To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" Hi, thanks for the quick reply. This is a workaround that addresses the issue of users homedir not existing upon login-time, but there seems to be a serious problem in the underlying pam_ldap/nss_ldap modules somewhere. I've noticed after posting the previous post that ssh-pubkey/ssh-password authentication no longer works with PAM/ldap-setups, which I need for our external developers. I *really* want to find the underlying issue in this case, and resolve it. I have got some days off in the easter where I will look deeper into it, hoping to find an underlying issue, and create a patch. My only concern is not being able to find the bug, so I'm very happy for any suggestions on how to track this down, or any suspicions to what could be causing the problem. Cheers and happy Easter, Daniel Bond. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH35POUR3pKhqN0EoRApSkAJ9ywSzttH+VJTRrVQLtRvIXcwvyJgCeKkcO BuqV2YXaP+u8ve4tbyfInj8= =YMBU -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47DF93CE.9050406>