Am Tage des Herren Sun, 22 Mar 2026 18:29:34 +0300 Gleb Popov <[email protected]> schrieb:
> On Sun, Mar 22, 2026 at 6:18 PM A FreeBSD User <[email protected]> wrote: > > > > Hello, > > > > fighting a major problem here. > > Start with installing security/pamtester and running > > pamtester xdm <username> authenticate > > Does it also fail? Do you see something suspicious in SSSD logs? > Thanks for responding. Some results (with pam_ldap.so): ohartmann@host [ohartmann]: pamtester xdm ohartmann authenticate Password: pamtester: successfully authenticated ohartmann@host [ohartmann]: pamtester xdm ohartmann acct_mgmt pamtester: account management done. ohartmann@host [ohartmann]: pamtester xdm ohartmann open_session Can't mkdir /var/run/xdgpamtester: Session failure When changing in /etc/pam.d/xdm session required pam_xdg.so runtime_dir_prefix=/var/run/xdg/ I get ohartmann@host [ohartmann]: pamtester xdm ohartmann open_session Can't mkdir /var/run/xdg/pamtester: Session failure There seems to be a bug in pam_xdg.so handling the last slash. Using pam_sss.so as described initially in /etc/pam.d/xdm: ohartmann@host [ohartmann]: pamtester xdm ohartmann authenticate Password: pamtester: successfully authenticated ohartmann@host [ohartmann]: pamtester xdm ohartmann acct_mgmt pamtester: account management done. ohartmann@host [ohartmann]: pamtester xdm ohartmann open_session Can't mkdir /var/run/xdg/pamtester: Session failure I do not see anything useful being logged. Setting "debug_level = 7" within /usr/local/etc/sssd/sssd.conf doesn't see to have any effect in the amount of log chatter being issue. Running sssd -i -d 7 fills up the screen very quickly, but I never see anything suspicious. I do have a local hosted fallback user, in my case "hartmann". I can login with pam_sss.so enabled without problem here. Regards, oh -- A FreeBSD user
pgp_NK2Spb18Z.pgp
Description: OpenPGP digital signature
