# Can't SU to root - "pam_start" issue?



## carltonfsck (Apr 18, 2010)

Hi All,

I just upgraded my FreeBSD server (Dell PowerEdge 2550) from 6.4-Release to 7.1-Release using the FreeBSD-update tool.  The upgrade went well, considering that it doesn't have Xorg or any Desktop manager installed.  There're only 15 ports installed on it.

The only somewhat "major" issue I came across once the upgrade was completed was that some ports/binaries wouldn't run.  Either I had to reinstall some ports, or I had to re-link some library files in order to get them to work. 

One of the most notable was that I can't SU to root as I was able to prior to the upgrade.  No matter if I try SU'ing from the console itself or SSH I get this error....


```
/libexec/ld-elf.so.1: su: Undefined symbol "pam_start"
```

Mind you, using "sudo" works fine, however I use SU while at the server console.

I don't even know where to begin.  I'm not too familiar with PAM.  Anyone ever seen this before??

I tried Googling but wasn't able to find anything. 

Any assistance would be much appreciated.

Regards,

--CF


----------



## gilinko (Apr 18, 2010)

Have you rebuild all the ports after your upgrade, as that is something that you have to do between "major" upgrades(6.X -> 7.X)? That error usually comes from the use of a pam module that has been installed from ports and if my previous question is true you have to rebuild all 15 ports before it will be working again.


----------



## carltonfsck (Apr 18, 2010)

Hi,

Yes I have rebuilt all the ports as described at the very bottom of Section 24.2.3 of the FreeBSD handbook (FreeBSD Update).

I didn't get any errors or anything while performing those steps.  However, I did notice that when I attempted to upgrade Ruby as mentioned, nothing happened.  It brought me right back to the '#' root prompt.  I still continued with the steps all the way through, and then rebooted.  Still nothing.

Latest note... I just logged out of my root account and attempted to log back in via the console and now I can't get back in at all!!  No other accounts will login either, I get that dreadful message whenever I try logging in.   The only way I can get in is via SSH, and then use "sudo" to issue root commands.


----------



## trasz@ (Apr 18, 2010)

It looks like something went wrong with the update.  Could you try to upgrade using more conventional method, i.e. from sources?  Just download source (using csup and a proper config file; see examples at /usr/share/examples/cvsup/), compile (make buildworld buildkernel) and install (make installkernel, reboot, make installworld).


----------



## carltonfsck (Apr 18, 2010)

Sure thing.  I'll go ahead and give it a whirl and report back.  Good thing I didn't log out of the two accounts I have logged in via the console.  

I'll report back once it's done and with the status.   Thanks for your recommendation!

--CF


----------



## trasz@ (Apr 18, 2010)

Note that this problem will not be fixed before you do "make installworld".  So, you might consider doing it _before_ reboot, even though it's not recommended.


----------



## carltonfsck (Apr 19, 2010)

Hi,

I saw your reply as I started to execute the source update.  Thanks!

I went ahead and did what you suggested.  Unfortunately, it didn't work.  

I'm locked out of logging in from the console.  SSH is the only way into the FreeBSD install, with sudo to do root tasks.

However, I did notice something odd.  While FreeBSD was booting up and going through the normal scrolling dmesg, that same exact error message appeared.  

Any other suggestions or ideas?


----------



## gilinko (Apr 19, 2010)

Have you made any changes to the /etc/pam.d/su file? Or any other file regarding the pam subsystem? This as the problem stems from there.


----------



## carltonfsck (Apr 19, 2010)

Negative.  Never touched any of it.  Not even prior to the upgrade.

However, during my sleepless night, I thought about everything up until the issue....

Right after the upgrade was completely and I did the final reboot, I was able to log into the 'console' as root, or any other account that I use with NO problem.  During that time, that's when I discovered that several binaries or installed ports weren't working and reporting, "library" file errors.  That's when I either opted to reinstall some of them, or started linking the missing library files that it was complaining about.  Those're the only two activities that I've done as root.

Therefore, I'm going to go back and look at some of those linked library files, as well as some of the ports I reinstalled (there're only 15 total installed), and see if I get lucky.  That's all I can think of at this point.  

I'll let you know what happens.

Thanks!

--CF


----------



## SirDice (Apr 19, 2010)

Don't ever link different library versions. Solve the problem. One way would be to install misc/compat6x.


----------



## carltonfsck (Apr 19, 2010)

SirDice, THANKS for the advice!  I'm starting to realize that now.  

Anywho... I figured out what it was!!!  My suspicions were correct!  It had to do with an incorrectly linked "pam" library file that I linked to the wrong file!  OOooopsie!  MY BAD!!!  What a great learning experience though.  Here's the screenshot from my /lib directory (below).  As soon as I saw one of the links that said "pam", I immediately saw what the problem was.....



```
lrwxr-xr-x   1 root  wheel       15 Apr 17 11:46 libmd.so.3@ -> /lib/libmd.so.4
-r--r--r--   1 root  wheel    60044 Apr 18 20:13 libmd.so.4
lrwxr-xr-x   1 root  wheel       20 Apr 17 12:10 libncurses.so.6@ -> /lib/libncurses.so.7
-r--r--r--   1 root  wheel   261484 Apr 18 20:13 libncurses.so.7
-r--r--r--   1 root  wheel   315652 Apr 18 20:13 libncursesw.so.7
-r--r--r--   1 root  wheel    26956 Apr 18 20:13 libnvpair.so.1
lrwxr-xr-x   1 root  wheel       20 Apr 17 19:03 libpam.so.3@ -> /usr/lib/libpam.so.4
[B]lrwxr-xr-x   1 root  wheel       19 Apr 17 19:02 libpam.so.4@ -> /lib/libcrypto.so.5[/B]
-r--r--r--   1 root  wheel   159496 Apr 18 20:13 libpcap.so.5
-r--r--r--   1 root  wheel   199400 Apr 18 20:13 libreadline.so.7
-r--r--r--   1 root  wheel     5944 Apr 18 20:13 libsbuf.so.4
```

I removed the link, SU'ed, and BAM!!  Back in business!! 8-D

THANK YOU to ALL who offered advice, etc.  It's ALWAYS much appreciated!!! 

--CF


----------



## trasz@ (Apr 19, 2010)

Just for the record - after system upgrade, if you're missing old versions of system libraries, the proper solution (apart from upgrading ports, obviously) is to install compat ports.  In this case, it would be misc/compat6x.


----------



## carltonfsck (Apr 19, 2010)

Gotcha!  Thanks again everyone!


----------

