When trying to login to Baan IVc4 on Linux using the 'baanlogin' protocol I get the following errors from debugging the baanlogin. What does this mean?

Daemon: Incoming connection, spawn child.
2007-11-07[13:59:59]: Child: handle BaanLogin request.
2007-11-07[13:59:59]: Child: received: user bsp, action 1
2007-11-07[13:59:59]: IBCmd /baan/bse/bin/ipc_boot, bseVersion 6.1
2007-11-07[13:59:59]: Try authentication via PAM
2007-11-07[13:59:59]: PAM available for this platform
2007-11-07[13:59:59]: Authenticating user 'bsp'.
2007-11-07[13:59:59]: message 1: 'Password: '
2007-11-07[13:59:59]: Setting password for user bsp in PAM callback
2007-11-07[13:59:59]: Daemon: revert to listen-mode.
2007-11-07[14:00:01]: Failed to authenticate via PAM (error 28: Module is unknown)
2007-11-07[14:00:01]: No success via PAM; try classic route
2007-11-07[14:00:01]: Function HAL_cmp_password failed for user bsp
blogind6.1: Login failed for user bsp
2007-11-07[14:00:01]: Child: logon for bsp failed, pam Error: 28.

it's been a while, but i think you need to add a blogind to your pam.conf
or something similar.

Dave

Thanks Dave,

I don't think it's anything to do with pam.conf as we have another Linux server that works with baanlogin and it has nothing in pam.conf.

Below are errors from the Linux logs perhaps this will shed some more light?

Nov 7 17:01:12 teeis10baan01 blogind6.1: PAM unable to dlopen(/lib/security/added)
Nov 7 17:01:12 teeis10baan01 blogind6.1: PAM [dlerror: /lib/security/added: cannot open shared object file: No such file or directory]
Nov 7 17:01:12 teeis10baan01 blogind6.1: PAM adding faulty module: /lib/security/added
Nov 7 17:12:38 teeis10baan01 blogind6.1: PAM (login) illegal module type: ~
Nov 7 17:12:38 teeis10baan01 blogind6.1: PAM pam_parse: expecting return value; [...Line]
Nov 7 17:12:38 teeis10baan01 blogind6.1: PAM unable to dlopen(/lib/security/added)
Nov 7 17:12:38 teeis10baan01 blogind6.1: PAM [dlerror: /lib/security/added: cannot open shared object file: No such file or directory]
Nov 7 17:12:38 teeis10baan01 blogind6.1: PAM adding faulty module: /lib/security/added
Nov 7 17:26:34 teeis10baan01 sshd(pam_unix)[22562]: session opened for user root by (uid=0)
Nov 7 17:28:11 teeis10baan01 blogind6.1: PAM (login) illegal module type: ~
Nov 7 17:28:11 teeis10baan01 blogind6.1: PAM pam_parse: expecting return value; [...Line]
Nov 7 17:28:11 teeis10baan01 blogind6.1: PAM unable to dlopen(/lib/security/added)
Nov 7 17:28:11 teeis10baan01 blogind6.1: PAM [dlerror: /lib/security/added: cannot open shared object file: No such file or directory]
Nov 7 17:28:11 teeis10baan01 blogind6.1: PAM adding faulty module: /lib/security/added

Looks like its trying to find a pam lib in that directory and can't? maybe it's permissions?

can you do a
ldd blogind6.2

and look for anything missing?

Dave

Hello Dave,

I've run the ldd blogind6.1 as suggested and the output is below. I must admit I'm not sure what this is telling me. If I run this on another Linux server where blogind is running without issue I get the same results.

ldd $BSE/bin/blogind6.1
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/tls/libm.so.6 (0x00887000)
libnsl.so.1 => /lib/libnsl.so.1 (0x008e4000)
libdl.so.2 => /lib/libdl.so.2 (0x008ac000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x008fc000)
libpam.so.0 => /lib/libpam.so.0 (0xf7fd8000)
libc.so.6 => /lib/tls/libc.so.6 (0x00759000)
/lib/ld-linux.so.2 (0x0073f000)
libaudit.so.0 => /lib/libaudit.so.0 (0xf7fc7000)

usually it will say "missing" if it's missing a shared lib.

So that looks ok.

So i'd focus on these guys
Nov 7 17:01:12 teeis10baan01 blogind6.1: PAM unable to dlopen(/lib/security/added)
Nov 7 17:01:12 teeis10baan01 blogind6.1: PAM [dlerror: /lib/security/added: cannot open shared object file: No such file or directory]


Why is blogind6.2/PAM unable to open that directory? does it exist / is it readable on the system that works?

Dave

Dave,

The /lib/security directory exists but there isn't anything, file or directory. called 'added'. However, this is the same on the server where blogind6.1 works. The /lib/security directory and files underneath all have 755 permissions.

I have sent Redhat support sysreports from both servers and they tell me that both have the same versions of PAM running and that security set-up is the same on both servers. So they are telling me it's the Baan application where the issue lies. So it looks like I'm in for a game of 'ping-pong' between Redhat and Baan.

Your help is appreciated as I'm getting nowhere fast with the 'official' support channels.

Cheers

PJ

your blogind permssions are set the same on both right? you don't have it setuid root or anything?

doesn't make sense that if the same vesion of software (blogind) worked on box X but not box Y that it would be the software that was broken...


Can you compare your /etc/pam.d/ directories across both servers?

Dave

blogind permissions are the same across both servers

In /etc/pam.d both servers have the same files with the 'broken' server having a few more.

I think it is strange that you get a "PAM (login) illegal module type: ~" mesage: looks like you have somewhere references to a home directory using ~ instead of the full path?

As extra (you never know), I once had strange errors with PAM when my groups and passwd were not synchronized with their shadow's. Check also these (pwck and grpck to make sure that they are ok).