Re: ixPAMmkdir

SOLVED

Searched the forums but only found one thred realate to this. Unfortunately, the resolution has not helped me.

I've got LDAPUX configured correctly and I can successfully login to the server using AD credentials. I want to use the ixPAMmkdir library to create the home directories on the fly but it does not seem to work!

Here is part of my pam.conf:

login session required libpam_hpsec.so.1
login session sufficient libpam_unix.so.1
login session required libpam_ldap.so.1
login session required libpam_mkdir.so.1 skel=/etc/skel umask=0022

I was able to get it running on three different RHEL3 $ 4 server but not on HP-UX. I set up the PAM debug in syslog.conf. No information on a successfull login. I get error when I try an invalid account so I can see that it is logging!

What am I missing here?

13 REPLIES 13

stupid question, but does /usr/lib/security/libpam_mkdir.so.1 exist?

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

Actually no it does not...! I believe you were refereing to /usr/lib/security/hpux64/libpam_mkdir.so.1. Yes that one does exist as well as /opt/iexpress/pammkdir/lib/hpux64/libpam_mkdir.so.1. Those files are identical!

Are users using ssh to connect? you can refer to

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1025452

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

Already tried that. Have the same config in the sshd section. Of course I changes the login to sshd. I also have it under OTHER.

can you post

# uname -a

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

HP-UX hostname B.11.23 U ia64 2953697624 unlimited-user license

I installed the module and the readme file has the absolute path in it's example.

login session required /usr/lib/security/hpux64/libpam_mkdir.so.1 skel=
/etc/skel/ umask=0022

I realize that pam should be using /usr/lib/security/$ISA/ as the relative path, but you may want to try the absolute path anyway.

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

Saw that too. Actually did that first but then syslog complained that it couldn't find that module!

Anything Else?

hmmmm. can you post the output from

# ll /usr/lib/security/*mkdir*

and

# ll /usr/lib/security/hpux64/*mkdir*

They should be symlinks to /opt/iexpress/pammkdir/lib/hpux64/libpam_mkdir.1

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

There is/was nothing *mkdir* in /usr/lib/security but there is a symbolic link in the .../hpux64 directory that points to the the correct file in /opt/iexpress/pammkdir/...

I even tried to fool the by adding a sybolic link in the /usr/lib/security directory...still no go! But to show you...

root@hostname /root # ll /usr/lib/security/*mkdir*
/usr/lib/security/*mkdir* not found
root@hostname /root # ll /usr/lib/security/hpux64/*mkdir*
lrwxr-xr-x 1 root sys 51 Jul 24 15:03 /usr/lib/security/hpux64/libpam_mkdir.so.1 -> /opt/iexpress/pammkdir/lib/hpux64/libpam_mkdir.so.1
-r-xr-xr-x 1 root sys 75240 Jul 24 15:56 /usr/lib/security/hpux64/libpam_mkdir.so.1.original

I think you are getting killed by the way that you have the modules stacked. Try this order:

login session required libpam_hpsec.so.1
login session required libpam_mkdir.so.1 skel=/etc/skel umask=0022
login session sufficient libpam_unix.so.1
login session required libpam_ldap.so.1

"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"

That did the trick although it throughs an erro in the syslog abount unknow option! But I can work that out. At least now it does create the directory.

Thanks.

See above post!