Re: Can't login: no pam_unix.so found

2007-09-24 Thread Mel
On Sunday 23 September 2007 04:57:13 Victor Star wrote:
 Hi guys,

 I need your help to fix my FreeBSD 6.2-RELEASE system.
 This is my home server, used mostly for mail (courier) and local file
 server (samba). It's been up for quite some time with no problems and
 really fun for me to learn FreeBSD. I've learned lots of things configuring
 postfix, courier, RAIDs and wireless. But now I have something I can't
 handle myself. Spent time searching archives, web to no avail.

 Now, a few days ago I started getting the following in the daily security run
 output:

 - 8 -===
 Checking for packages with security vulnerabilities:

 su: pam_start: system error
 - 8 -===

 What I see on the console is:
 - 8 -===
 su: in openpam_load_module(): no pam_unix.so found
 su: pam_start: system error
 - 8 -===

 I also can't log in, neither through ssh nor on the console - getting same
 error. Luckily I still have one ssh root session alive (so far!).
 I have this bad feeling that on disconnect or reboot I will lose the
 access to the box.

 Mail server still working no problem, smtp and POP via SSL work and
 authorize fine.

 pam_unix.so is in /usr/lib:
 - 8 -===
 # ls -l /usr/lib/pam_unix*
 lrwxr-xr-x  1 root  wheel 13 Sep 25  2006 /usr/lib/pam_unix.so -> pam_unix.so.3
 -r--r--r--  1 root  wheel  10240 Feb 19  2007 /usr/lib/pam_unix.so.3
 # file /usr/lib/pam_unix.so
 /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
 - 8 -===

If ldd /usr/lib/pam_unix.so does not show undefined libs, then the first thing
I'd look at would be limits, most notably open file limits:
compare sysctl kern.openfiles with output of limits -Hn.

 There is one more thing that is suspiciously close in time to when this
 started happening. In the same security run output where I first saw this
 error I found this:
 - 8 -===
 Sep 18 11:11:37 xx su: BAD SU myloginname to root on /dev/ttyp3

Did you or did you not mistype the password?

 Sep 18 11:13:46 xx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from some ip here
 Sep 18 11:15:08 xx sshd[45056]: Received disconnect from some ip here: 2: Bad packet length 710099706.
 - 8 -===

That's some user doing telnet on port 22 and doesn't know how to talk ssh.
-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
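
Added example, not part of the original messages: a small Python decoder for the octal-escaped string in the sshd line quoted above. It shows the rejected bytes are telnet commands (IAC IP, then IAC DO TIMING-MARK, per RFC 854 and RFC 860) followed by typed text, which matches the "telnet on port 22" reading. The function names and the short option table are this example's own.

```python
import re

IAC = 0xFF
# Telnet command bytes (RFC 854).
COMMANDS = {0xF0: "SE", 0xF1: "NOP", 0xF2: "DM", 0xF3: "BRK", 0xF4: "IP",
            0xF5: "AO", 0xF6: "AYT", 0xF7: "EC", 0xF8: "EL", 0xF9: "GA",
            0xFA: "SB", 0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}          # these carry an option byte
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 6: "TIMING-MARK"}
BANNER_RE = re.compile(r"Bad protocol version identification '(.*)' from ")

# The sshd line quoted in the thread, rejoined onto one line.
SAMPLE = (r"Sep 18 11:13:46 xx sshd[45047]: Bad protocol version identification "
          r"'\377\364\377\375\006quit' from some ip here")

def unescape(text):
    """Turn the \\ooo octal escapes sshd writes to the log back into bytes."""
    out = bytearray()
    for idx, part in enumerate(re.split(r"\\([0-3][0-7]{2})", text)):
        if idx % 2:
            out.append(int(part, 8))   # odd items are the captured escapes
        else:
            out += part.encode("utf-8")
    return bytes(out)

def parse_telnet(data):
    """Split bytes into telnet command names and the remaining plain text."""
    cmds, text, i = [], bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if data[i] == IAC and i + 1 < len(data) else None
        if nxt in NEGOTIATION and i + 2 < len(data):
            opt = data[i + 2]
            cmds.append(f"{COMMANDS[nxt]} {OPTIONS.get(opt, opt)}")
            i += 3
        elif nxt in COMMANDS:
            cmds.append(COMMANDS[nxt])
            i += 2
        else:                                  # ordinary byte (or stray 0xFF)
            text.append(data[i])
            i += 1
    return cmds, text.decode("ascii", "replace")

def classify(line):
    """Return None for unrelated lines, else what the rejected banner held."""
    m = BANNER_RE.search(line)
    if m is None:
        return None
    cmds, text = parse_telnet(unescape(m.group(1)))
    return {"telnet": bool(cmds), "commands": cmds, "text": text}

if __name__ == "__main__":
    print(classify(SAMPLE))
```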


Re: Can't login: no pam_unix.so found

2007-09-24 Thread Victor Star
Hi Mel,

 pam_unix.so is in /usr/lib:
 - 8 -===
 # ls -l /usr/lib/pam_unix*
 lrwxr-xr-x  1 root  wheel 13 Sep 25  2006 /usr/lib/pam_unix.so -> pam_unix.so.3
 -r--r--r--  1 root  wheel  10240 Feb 19  2007 /usr/lib/pam_unix.so.3
 # file /usr/lib/pam_unix.so
 /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
 - 8 -===

 If ldd /usr/lib/pam_unix.so does not show undefined libs, then the first thing
 I'd look at would be limits, most notably open file limits:
 compare sysctl kern.openfiles with output of limits -Hn.

Yes, ldd shows no undefined libs. Here is the output for the file limits:
==- 8 -
# sysctl kern.openfiles
kern.openfiles: 332
# limits -Hn
Resource limits (current):
  openfiles              1735

==- 8 -

 -===
 Sep 18 11:11:37 xx su: BAD SU myloginname to root on /dev/ttyp3

 Did you or did you not mistype the password?

I can't completely deny I didn't. I could have. But I somewhat doubt it.
There were some glitches with the router NAT around that time, for whatever
reason it stopped forwarding POP traffic to the appropriate port, I was trying
to fix it. There is a slight chance POP traffic was forwarded to SSH. That would
explain the following lines, but POP trying to go SU looks somewhat unusual.

 Sep 18 11:13:46 xx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from some ip here
 Sep 18 11:15:08 xx sshd[45056]: Received disconnect from some ip here: 2: Bad packet length 710099706.
 - 8 -===

 That's some user doing telnet on port 22 and doesn't know how to talk ssh.


-- 
Best regards,
 Victor  



Can't login: no pam_unix.so found

2007-09-22 Thread Victor Star
Hi guys,

I need your help to fix my FreeBSD 6.2-RELEASE system.
This is my home server, used mostly for mail (courier) and local file server
(samba). It's been up for quite some time with no problems and really fun for
me to learn FreeBSD. I've learned lots of things configuring postfix, courier,
RAIDs and wireless. But now I have something I can't handle myself. Spent time
searching archives, web to no avail.

Now, a few days ago I started getting the following in the daily security run
output:

- 8 -===
Checking for packages with security vulnerabilities:

su: pam_start: system error
- 8 -===

What I see on the console is:
- 8 -===
su: in openpam_load_module(): no pam_unix.so found
su: pam_start: system error
- 8 -===

I also can't log in, neither through ssh nor on the console - getting same error.
Luckily I still have one ssh root session alive (so far!).
I have this bad feeling that on disconnect or reboot I will lose the access to
the box.

Mail server still working no problem, smtp and POP via SSL work and authorize 
fine.

pam_unix.so is in /usr/lib:
- 8 -===
# ls -l /usr/lib/pam_unix*
lrwxr-xr-x  1 root  wheel 13 Sep 25  2006 /usr/lib/pam_unix.so -> pam_unix.so.3
-r--r--r--  1 root  wheel  10240 Feb 19  2007 /usr/lib/pam_unix.so.3
# file /usr/lib/pam_unix.so
/usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
- 8 -===

There is one more thing that is suspiciously close in time to when this started
happening. In the same security run output where I first saw this error I found
this:
- 8 -===
Sep 18 11:11:37 xx su: BAD SU myloginname to root on /dev/ttyp3
Sep 18 11:13:46 xx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from some ip here
Sep 18 11:15:08 xx sshd[45056]: Received disconnect from some ip here: 2: Bad packet length 710099706.
- 8 -===

I'd appreciate any ideas about what happened and how to get it fixed.

Thanks!
  
-- 
Best regards,
 Victor
