Hello, I have an issue with the configuration of pam_setquota.so. I added the following quota schema:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 8fd665e7 dn: cn=quota,cn=schema,cn=config objectClass: olcSchemaConfig cn: quota olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) olcObjectClasses: {0}( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' DESC 'System Quotas' SUP posixAccount AUXILIARY MUST uid MAY quota )
I create a user, and the attributes are created correctly:
objectclass: systemQuotas objectclass: posixAccount objectclass: inetOrgPerson objectclass: organizationalPerson objectclass: person quota: /home,500,510,0,0
Configuration of /etc/pam.d/common-session:
# here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so session [success=ok default=ignore] pam_ldap.so minimum_uid=1000 session optional pam_systemd.so session optional pam_mkhomedir.so skel=/etc/skel umask=077 session required pam_setquota.so # end of pam-auth-update config
When logging in with an LDAP user, the following appears in Debian logs: pam_setquota(login:session): no limits defined in configuration for user zprieto on /dev/vda5. I don’t know what is missing that prevents the user’s attributes from being read. Thank you very much.
Hi!
Assuming /home is mounted from /dev/vda5 you might specify the device and not the mount point, but that’s just a guess.
Kind regards, Ulrich Windl
From: Rodrigo Prieto rodrigoprieto2019@gmail.com Sent: Sunday, December 29, 2024 9:57 PM To: openldap-technical@openldap.org Subject: [EXT] Hello, I have an issue with the configuration of pam_setquota.so. I added the following quota schema:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 8fd665e7 dn: cn=quota,cn=schema,cn=config objectClass: olcSchemaConfig cn: quota olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) olcObjectClasses: {0}( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' DESC 'System Quotas' SUP posixAccount AUXILIARY MUST uid MAY quota )
I create a user, and the attributes are created correctly:
objectclass: systemQuotas objectclass: posixAccount objectclass: inetOrgPerson objectclass: organizationalPerson objectclass: person quota: /home,500,510,0,0
Configuration of /etc/pam.d/common-session:
# here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so session [success=ok default=ignore] pam_ldap.so minimum_uid=1000 session optional pam_systemd.so session optional pam_mkhomedir.so skel=/etc/skel umask=077 session required pam_setquota.so # end of pam-auth-update config
When logging in with an LDAP user, the following appears in Debian logs: pam_setquota(login:session): no limits defined in configuration for user zprieto on /dev/vda5. I don’t know what is missing that prevents the user’s attributes from being read. Thank you very much.
openldap-technical@openldap.org
-
Rodrigo Prieto -
Windl, Ulrich