Re: bug in NSS ?
my /usr/local/lib/sasl2/Sendmail.conf:

    pwcheck_method: auxprop
    auxprop_plugin: sasldb

Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8 system?

Yes, of course. On the Solaris8 box and the FreeBSD box I have an identical configuration.

Does sasldblistusers2 on the Solaris 8 system list the test user in the sasldb file? If it does, is there a test user in the FreeBSD sasldb file?

Yes.

    # sasldblistusers2
    [EMAIL PROTECTED]: userPassword
    [EMAIL PROTECTED]: userPassword

On FreeBSD and Solaris I can successfully authenticate any user from sasldb via SMTP with sendmail:

    # perl -e 'use MIME::Base64; print encode_base64("test\0test\0test");'
    dGVzdAB0ZXN0AHRlc3Q=

    $ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:29:41 +0400 (MSD)
    ehlo test
    250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
    235 2.0.0 OK Authenticated
    quit
    221 2.0.0 server.komi.mts.ru closing connection
    Connection closed by foreign host.

But user test (from ldap) on FreeBSD cannot send mail from the command line via /usr/bin/mail or /usr/sbin/sendmail (if MSP uses AUTH):

    %id
    uid=1000(test) gid=1000(test) groups=1000(test)
    %date | /usr/sbin/sendmail -v root
    root... Connecting to [127.0.0.1] via relay...
    220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:44:57 +0400 (MSD)
    EHLO server.komi.mts.ru
    250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    QUIT
    221 2.0.0 server.komi.mts.ru closing connection
    root... Deferred: Temporary AUTH failure
    Closing connection to [127.0.0.1]

On Solaris this works fine.

And any user from /etc/passwd can successfully send mail from the command line via /usr/bin/mail or /usr/sbin/sendmail (if MSP uses AUTH) on Solaris and FreeBSD:

    $ id
    uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)
    $ date|/usr/sbin/sendmail -v root
    root... Connecting to [127.0.0.1] via relay...
    220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003 13:51:05 +0400 (MSD)
    EHLO server.komi.mts.ru
    250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
    235 2.0.0 OK Authenticated
    MAIL From:[EMAIL PROTECTED] SIZE=29 [EMAIL PROTECTED]
    250 2.1.0 [EMAIL PROTECTED]... Sender ok
    RCPT To:[EMAIL PROTECTED]
    DATA
    250 2.1.5 [EMAIL PROTECTED]... Recipient ok
    354 Enter mail, end with . on a line by itself
    .
    250 2.0.0 h9L9p5XM000790 Message accepted for delivery
    root... Sent (h9L9p5XM000790 Message accepted for delivery)
    Closing connection to [127.0.0.1]
    QUIT
    221 2.0.0 server.komi.mts.ru closing connection

AUTH PLAIN c21tc3AAc21tc3AAc21tc3A= - is authinfo for user smmsp (smmsp\0smmsp\0smmsp):

    # perl -e 'use MIME::Base64; print decode_base64("c21tc3AAc21tc3AAc21tc3A="), "\n";'
    smmspsmmspsmmsp

Why does auth work for local users and not work for nss_ldap users?

Thanks!

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]
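Added example, not part of the original post: a Python sketch that compares the two `sendmail -v` sessions quoted above. It shows that the failing client quit without ever sending AUTH, and it redacts the base64 PLAIN response (which is encoding, not encryption) before a transcript is shared. The function names `decode_plain` and `summarize` are hypothetical, and the transcripts are constructed by abridging the sessions in the post.

```python
import base64
import re

# Constructed samples, abridged from the two sessions quoted in the post above.
WORKING = """220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10
EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
QUIT"""
FAILING = """220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10
EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
QUIT"""

def decode_plain(token):
    """Split a SASL PLAIN response: authzid NUL authcid NUL passwd (RFC 4616)."""
    fields = base64.b64decode(token, validate=True).split(b"\0")
    if len(fields) != 3 or not fields[1]:
        raise ValueError("not a well-formed SASL PLAIN response")
    return tuple(f.decode("utf-8") for f in fields)

def summarize(transcript):
    """Report what was offered and attempted; include a copy safe to post."""
    info = {"offered": [], "attempted": False, "authcid": None, "reply": None}
    safe = []
    for line in (l.strip() for l in transcript.splitlines()):
        sent = re.match(r"AUTH PLAIN (\S+)$", line)
        if line.startswith(("250-AUTH ", "250 AUTH ")):
            info["offered"] = line[9:].split()      # mechanisms the server advertises
        elif sent:
            info["attempted"] = True
            info["authcid"] = decode_plain(sent.group(1))[1]
            line = "AUTH PLAIN [redacted]"          # never post the encoded secret
        elif info["attempted"] and info["reply"] is None and line[:3].isdigit():
            info["reply"] = line[:3]                # first server reply after AUTH
        safe.append(line)
    info["redacted"] = "\n".join(safe)
    return info

if __name__ == "__main__":
    for name, text in (("working", WORKING), ("failing", FAILING)):
        s = summarize(text)
        print(name, s["offered"], s["attempted"], s["authcid"], s["reply"])
```

In the failing session `attempted` is false even though the server offers PLAIN, so the "Temporary AUTH failure" is raised on the client side before any credentials reach the server.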
Re: bug in NSS ?
From:[EMAIL PROTECTED]

I have a problem with nss_ldap on FreeBSD. After transfer of users from /etc/passwd to ldap directories my users cannot send mail via the /usr/bin/mail | /usr/sbin/sendmail program:

:

Any ideas ?

What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file? Is pwcheck_method set to saslauthd, or sasldb? If it is set to saslauthd, what flags do you use for it (-a pam or -a ldap)?

Scot
Re: bug in NSS ?
I have a problem with nss_ldap on FreeBSD. After transfer of users from /etc/passwd to ldap directories my users cannot send mail via the /usr/bin/mail | /usr/sbin/sendmail program:

What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file? Is pwcheck_method set to saslauthd, or sasldb? If it is set to saslauthd, what flags do you use for it (-a pam or -a ldap)?

my /usr/local/lib/sasl2/Sendmail.conf:

    pwcheck_method: auxprop
    auxprop_plugin: sasldb

Thanks!
Re: bug in NSS ?
From: Alex Deiter [EMAIL PROTECTED]

I have a problem with nss_ldap on FreeBSD. After transfer of users from /etc/passwd to ldap directories my users cannot send mail via the /usr/bin/mail | /usr/sbin/sendmail program:

What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file? Is pwcheck_method set to saslauthd, or sasldb? If it is set to saslauthd, what flags do you use for it (-a pam or -a ldap)?

my /usr/local/lib/sasl2/Sendmail.conf:

    pwcheck_method: auxprop
    auxprop_plugin: sasldb

Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8 system?

How is saslauthd started on both systems (-a pam, -a sasldb, -a ldap)?

Scot
Re: bug in NSS ?
From: Scot W. Hetzel [EMAIL PROTECTED]

From: Alex Deiter [EMAIL PROTECTED]

I have a problem with nss_ldap on FreeBSD. After transfer of users from /etc/passwd to ldap directories my users cannot send mail via the /usr/bin/mail | /usr/sbin/sendmail program:

What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file? Is pwcheck_method set to saslauthd, or sasldb? If it is set to saslauthd, what flags do you use for it (-a pam or -a ldap)?

my /usr/local/lib/sasl2/Sendmail.conf:

    pwcheck_method: auxprop
    auxprop_plugin: sasldb

Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8 system?

Does sasldblistusers2 on the Solaris 8 system list the test user in the sasldb file? If it does, is there a test user in the FreeBSD sasldb file?

How is saslauthd started on both systems (-a pam, -a sasldb, -a ldap)?

Scot
Bug in nss compat code?
I think I've found a few bugs in the NSS code for FreeBSD 5.1. I'm not sure of the best way to split them up, so I'll list them all here.

FreeBSD version:

    % uname -a
    FreeBSD myrtle 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Aug 11 17:15:47 EDT 2003 [EMAIL PROTECTED]:/private/freebsd-src/obj/private/freebsd-src/src/sys/CISEKERN i386

1) getnetgrent still seems to ignore the NIS netgroup maps and only uses /etc/netgroup. A '+' as the only entry in /etc/netgroup does not force an NIS netgroup map lookup. This bug has been reported in the 4.x tree as well.

2) There's an odd bug in sshd/nss when the following are configured:

    - nsswitch.conf
        passwd: compat
    - sshd_config
        ChallengeResponseAuthentication yes (default)
        HostbasedAuthentication yes

When /etc/netgroup doesn't exist, the sshd hangs when logging in with HostbasedAuthentication:

    [EMAIL PROTECTED]:~ # gdb /usr/sbin/sshd
    GNU gdb 5.2.1 (FreeBSD)
    (gdb) run -d -p 987
    [ some debugging output deleted for readability]
    debug1: KEX done
    debug1: userauth-request for user jfh service ssh-connection method none
    debug1: attempt 0 failures 0
    debug1: PAM: initializing for jfh
    debug1: PAM: setting PAM_RHOST to waterspout.cise.ufl.edu
    Failed none for jfh from 128.227.205.52 port 47962 ssh2
    Failed none for jfh from 128.227.205.52 port 47962 ssh2
    debug1: userauth-request for user jfh service ssh-connection method hostbased
    debug1: attempt 1 failures 1
    debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55
    Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
    debug1: userauth-request for user jfh service ssh-connection method hostbased
    debug1: attempt 2 failures 2
    debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-rsa slen 143
    Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
    debug1: userauth-request for user jfh service ssh-connection method keyboard-interactive
    debug1: attempt 3 failures 3
    debug1: keyboard-interactive devs
    debug1: auth2_challenge: user=jfh devs=
    debug1: kbdint_alloc: devices 'pam'
    debug1: auth2_challenge_start: trying authentication method 'pam'
    ^C
    Program received signal SIGINT, Interrupt.
    0x282e987f in read () at {standard input}:15
    15 {standard input}: No such file or directory.
    in {standard input}
    Current language: auto; currently asm
    (gdb) Quit
    (gdb) where
    #0 0x282e987f in read () at {standard input}:15
    #1 0x281409ab in atomicio (f=0x5, fd=-1077940208, _s=0xbfbff038, n=674583073) at /private/freebsd-src/src/crypto/openssh/atomicio.c:45
    #2 0x281286a9 in ssh_msg_recv (fd=5, m=0xbfbff010) at /private/freebsd-src/src/crypto/openssh/msg.c:58
    #3 0x08062bb5 in pam_query (ctx=0x807a870, name=0x7, info=0x7, num=0xbfbff064, prompts=0xbfbff068, echo_on=0xbfbff06c) at /private/freebsd-src/src/crypto/openssh/auth2-pam-freebsd.c:397
    #4 0x0805ef2a in mm_answer_pam_query (socket=3, m=0xbfbff0a0) at /private/freebsd-src/src/crypto/openssh/monitor.c:799
    #5 0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070320, pent=0xbfbff0ec) at /private/freebsd-src/src/crypto/openssh/monitor.c:388
    #6 0x0805e208 in monitor_child_preauth (pmonitor=0x8075580) at /private/freebsd-src/src/crypto/openssh/monitor.c:301
    #7 0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605
    #8 0x0805087a in main (ac=47962, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523
    #9 0x0804e1a2 in _start (ap=0xbfbffb24 /usr/sbin/sshd) at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104

With either ChallengeResponseAuthentication or HostbasedAuthentication disabled, I'm prompted for a password. With both enabled, sshd hangs here, and I'm never prompted for a password on the client side.
However, if /etc/netgroup does exist and is populated with netgroup info, I get a core dump in sshd:

    (gdb) run -d -p 987
    [ ... ]
    debug1: KEX done
    debug1: userauth-request for user jfh service ssh-connection method none
    debug1: attempt 0 failures 0
    debug1: PAM: initializing for jfh
    debug1: PAM: setting PAM_RHOST to waterspout.cise.ufl.edu
    Failed none for jfh from 128.227.205.52 port 47968 ssh2
    Failed none for jfh from 128.227.205.52 port 47968 ssh2
    debug1: userauth-request for user jfh service ssh-connection method hostbased
    debug1: attempt 1 failures 1
    debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen