Displaying 20 results from an estimated 3000 matches similar to: "Issue with joing to ADS2003 domain"
2005 Aug 29
1
dovecot/Active Directory/KRB client (OT)
Gang,
For those who asked about making a Solaris system a Kerberos
client to Active Directory, the magic document to have is:
http://www.connectathon.org/seam1.0/files/c0101.htm
See the section "How to Configure a SEAM Client Using a Windows
2000 KDC". SEAM was Sun's Kerberos client stuff in Solaris 8;
it is just there as part of Solaris 9 and 10. These instructions
apply if
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated.
The PAM standard insists on password aging being done after account
authorization, which comes after user authentication. Kerberos can't
authenticate users whose passwords are expired.
So PAM_KRB5 implementations tend to return PAM_SUCCESS from
pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt()
to return PAM_NEW_AUTHTOK_REQD, as
2019 Jun 15
2
Kerberos and NTLMv2 authentication
Hello Rowland,
Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize,
should be :
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN
About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6
@updates
pam_krb5.x86_64 2.4.8-6.el7 @base
Is pam_krb5
2005 Mar 21
2
Winbind vs pam_krb5/nss_ldap
Hi all,
I am just after some opinions about the pros and cons of winbind
compared to the 'standard' kerberos and ldap methods. I've have
already got single sign on working with pam_krb5 and nss_ldap (using
SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as
clients/'member servers', and integration of Samba is the next bit I'm
looking at.
The impressions
2004 Jun 09
1
RES: authentification in ads2003
I also have made this configuration working with w2k, the problem is related
do enc-types used by w2k3.
I have seen a lot of people complaining about the same issue. Can the samba
gurus help the community ??? What are the right configuration to put a Samba
3.0.x working as a Active Directory 2003 member and be accessible through
\\<samba name>\<share name> ?!
Please Jerry Carter,
2010 Feb 16
2
pam_mount
Hi all,
I am a bit confused about the usage of pam_mount.
Here is my /etc/pam.d/system-auth:
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account
2004 Jun 09
1
authentification in ads2003
Hello,
*This msg was already sent yesterday on this ml, but some i found some
faults in the mail.*
**If anyone can help me... the only thing i'm thinking now is to throw away
the servers**
I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody
server joining
the Active directory service.
Everything seems to be ok, except the authentification. If i try to go to
the share of
2019 Jun 17
2
Fwd: Re: Kerberos and NTLMv2 authentication
On 17/06/2019 12:56, Edouard Guign? via samba wrote:
> Hello,
>
> May you answer me about my issue with kerberos ?
>
> About libpam-krb5 installed, I have on my system :
> yum list krb5-workstation pam_krb5
> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
> pam_krb5.x86_64 2.4.8-6.el7 @base
>
> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
Sorry for the late
2014 Jan 19
1
sudo (+ldap+kerberos) not accepting password
So I have this centos 5.10 box which authenticates network users
against ldap(authorizing)+kerberos(authentication). And I now would
like to have sudo be able to allow admins (netgroup chinbeards) to
sudo about. I am not using sssd though (yet).
Here is the output of me trying sudo (debug on):
[raub at centos5-x64 ~]$ sudo pwd
LDAP Config Summary
===================
uri
2004 Aug 20
1
Fw: winbind, active directory and solaris 8
I sent this the other day, but did not get any replies, can anyone help?
Hi All,
I have a sparc solaris 8 server running samba 2.2.11 (which i complied with
winbind).
The server has been running for years and has about 20 local users setup
using local files for openssh and rexec logins, and samba shares.
They each use samba to map to their home directory and a common shared
folder.
They also
2001 Dec 30
1
Extracting the trust account password (for use with Win2k's ktpass)?
Hello, all:
My Samba server is a member of a Windows 2000 AD domain.
Authentication to the Samba server is, of course, by encrypted NTLM
hashes. Authentication to the host itself, which runs Red Hat Linux
7.1, is by NIS (the AD domain controller is running Server for NIS).
I want to remove NIS (or at least the passwords from NIS). To
accomplish this, I wish to use pam_krb5 to authenticate users
2003 Sep 05
1
pam_winbind verses pam_krb5
Greetings ...
Have a question, was is the advantages of use pam_winbind verses
pam_krb5 for Samba user authentaction?
I mean, if I point my Linux box Kerberos to a Win2003 AD server, I
am able to authenticate my users out of AD, but at the moment still
having problems with winbind and nsswitch.
Is there an advantage to using pam_winbind instead of pam_krb5?
Mailed
Lee
2005 Jun 13
2
x86_64 duplicate packages problem with apt
I installed Centos3.4-x86_64 and I notice that I get duplicate packages.
i.e. I also notice that the duplate packages exist on the cd install as
well.
[root at bayamo RPMS]# rpm -qa | grep pam_krb
pam_krb5-1.73-1
pam_krb5-1.73-1
when I use apt after downloading from Dag's site it complains about
duplicate packages after running apt-get update.
I am missing something to get my x86_64
2002 Dec 26
1
changing passwords from win2k
I having been trouble by this for a few days now and was wondering if anyone
else has had any luck with this?
I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE
I have successfully set up samba to be the PDC
I am unsuccessfully trying to change the passwords on the W2k box and I am
recieving the error that the user name/password are incorrect make sure the
caps lock is not on.
When I
2007 Jul 18
3
still about winbind idmap customization
Hi,
i've read the thread about idmap customization, i'm planning an
integration between windows AD and MIT kerberos, and i was very
interested on the subject.
Now we are authenticating windows AD user against mit kerberos realm
with a cross-domain trust, and with windows client everythings works.
Ie. Authentication is done with kerberos mit and authorization is done
with windows AD.
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2010 Apr 16
1
offline logon in 3.4.7-58
Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3.
It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server.
When disconnected and
2017 Aug 16
2
Cannot login with method=GSSAPI
I am migrating an existing dovecot server to a new server. The existing
server uses pam_krb5 and works with the plain and gssapi methods. The new
server plain/pam_krb5 normal password authentication works. However, the
gssapi (tickets) authentication is producing the following error:
=== Begin Error ====
imap-login: Disconnected (no auth attempts in 0 secs): user=<>,
rip=192.168.7.61,
2007 Sep 17
2
Compiling mod_webauth on CentOS 5 - krb dependency failure
Hello all,
When I try to compile the mod_webauth module on CentOS 5, the dependencies
for Kerberos fail. I have the Kerberos libs installed, which is what I
assume it's complaining about. Ideas? Is there an RPM missing? Here's
some of what I found:
[root at localhost webauth-3.5.4]# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
2007 Apr 13
1
Samba3 : no suitable range available for sid
I'm setting up a freebsd server which will authenticate against an
Active Directory
I mean: the server will NOT have any local users (except mandatory and
minimum
required for management and configuration) and will authenticate requests
for login and access
FOR EVERY SERVICE against an Active Directory Server
I have configured the samba service and currently I can
login to local terminal,