# tor is not starting at boot



## beppo (Oct 31, 2019)

Hello folks,
Tor is not starting after start of the jail although tor_enable="YES" is set in jails /etc/rc.conf. I am able to start tor from the command line without error.

Some points:

I am using tor in a jail on 12.0-RELEASE-p10,
Tor has been installed with pkg,
/usr/local/etc/rc.d/tor is standard,
/usr/local/etc/tor/torrc is standard,
_tor user and group has been added by pkg install tor.
It would be great if anyone has a hint.

Alex

/var/log/messages

```
Oct 31 17:33:12 <kern.info> tor syslogd: kernel boot file is /boot/kernel/kernel
Oct 31 17:33:12 <auth.err> tor su[2613]: in openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 12
Oct 31 17:33:12 <auth.err> tor su[2613]: pam_acct_mgmt: Authentication information is unavailable
Oct 31 17:33:12 <user.notice> tor alex[2774]: /etc/rc: WARNING: failed to start tor
```
/etc/rc.conf (jail)

```
# enable tor and polipo
tor_enable="YES"
polipo_enable="YES"
```


```
(pts/1)[root@tor:/]# getent passwd
...
_tor:*:256:256:Tor anonymizing router:/var/db/tor:/usr/sbin/nologin
...
(pts/1)[root@tor:/]#
```


```
(pts/1)[root@bepserv1:/home/alex]# jexec tor tcsh
(pts/1)[root@tor:/]# service tor status
tor is not running.
(pts/1)[root@tor:/]# service tor start
Starting tor.
Oct 31 17:33:24.135 [notice] Tor 0.4.1.6 running on FreeBSD with Libevent 2.1.11-stable, OpenSSL 1.1.1a-freebsd, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.3.
Oct 31 17:33:24.136 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 31 17:33:24.136 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Oct 31 17:33:24.150 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 31 17:33:24.150 [notice] Opened Socks listener on 127.0.0.1:9050
(pts/1)[root@tor:/]#
```


----------



## beppo (Nov 1, 2019)

Found the problem. I am using sssd to connect to a freeipa server. As I didn't need sssd on the tor jail I hadn't configured it properly. But I forgot to delete pam_sss.so from /etc/pam.d/system. After fixing that tor is properly starting upon start of the jail.

/etc/pam.d/system

```
#
# $FreeBSD: releng/12.0/lib/libpam/pam.d/system 197769 2009-10-05 09:28:54Z des $
#
# System-wide defaults
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
#auth           sufficient      /usr/local/lib/pam_sss.so use_first_pass
auth            required        pam_unix.so             no_warn try_first_pass nullok

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so
#account         required        /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session        optional        pam_ssh.so              want_agent
#session                required        /usr/local/lib/pam_mkhomedir.so
session         required        pam_lastlog.so          no_fail

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
#password       sufficient      /usr/local/lib/pam_sss.so use_authtok
password        required        pam_unix.so             no_warn try_first_pass
```


----------

