MOTD not displaying for LDAP users on Rocky 9 Linux


I have a Rocky 9.3 install configured to use `pam_access.so` and `pam_motd.so`. pam_access is working fine. I'm running into an issue where `/etc/motd` doesn't display for LDAP user logins but it does display for local account logins.

I'm using authselect. I'm using a custom profile based on sssd with feature with-pamaccess. SELinux is set to permissive. sshd_configs are set to `usePAM yes` and `PrintMotd no`. `/etc/pam.d/sshd` is set to `session optional pam_motd.so`.

I've tried enabling MOTD in `/etc/ssh/sshd_config`, pointing to a specific non-standard motd, enabling `pam_motd.so` in `/etc/pam.d/login`. I also enabled it in `/etc/authselect/system-auth`. All it does is print the MOTD additional times for every location I enabled it for local user logins, but LDAP user logins still have it suppressed.

journalctl log output did lead me to look at SELinux for a bit since I was getting a warning regarding NFS home dirs even though they were mounting OK. I told SELinux about it with `setsebool -P use_nfs_home_dirs 1` and the warnings went away. As far as journalctl output is concerned, local and LDAP user logins are now the same, so I don't think SELinux has anything to do with it.

I'm not sure what else to try. There's very little documentation on `pam_motd.so`. TIA!

Update: Turns out this isn't a PAM issue. The issue remains even after taking PAM out of the ssh login process. I've updated the title and tags to reflect this but I kept the original body above for those who may suspect PAM in the beginning as well. Now I'm looking at LDAP and sssd. Little to nothing online on LDAP and sssd with regards to motd. `ssh -vvv` doesn't reveal anything. Only difference is one has motd output and the other doesn't. I even used strace on the sshd service to see if there's a difference but still same output.
