similar to: getent passwd/group worsk but user authentication does not work (SAMBA4/SSSD) (Urgent request)

Hi everyone, I am struggling to promote a samba 3.0.10 standalone server to a BDC, because it cannot contact the PDC which is on a different subnet connected via a VPN. Having lost several days I believe this may be because it Samba is broadcasting WINS domain discovery requests on its local subnet, which of course it not reaching the PDC as broadcasts are not sent across the VPN. The PDC is

On May 8, 2015, at 11:14 AM, Ulrich Hiller <hiller at mpia-hd.mpg.de> wrote: > > /etc/pam.d/system-auth: > ----------------------- > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth

Hmmm...., i have made now a complete new install but the problem persists: ldap authentication works, but the host attribute is ignored. I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far. these pam and ldap packages are installed: openldap-devel-2.4.39-6.el7.x86_64 openssh-ldap-6.6.1p1-11.el7.x86_64 openldap-2.4.39-6.el7.x86_64

I am still not understanding why your using MD5? Is it because everyone in InfoSec declared that everyone finally went from md5 to sha512 or what? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Ulrich Hiller Sent: Monday, May 11, 2015 1:40 PM To: CentOS mailing list Subject: Re: [CentOS] ldap host attribute is ignored one more

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

On 31/01/2020 18:47, Rowland penny via samba wrote: > in /etc/resolv.conf on Linux clients and I don't have a problem when DNS disconnects on the first nameserver. Just to check, should the 'nameserver' entries in /etc/resolv.conf on the DCs be... nameserver 127.0.0.1 or nameserver 192.168.0.218 I have it as the latter - taken from the Wiki... "On your DC, set the AD DNS

Hi, mail is delivered by Dovecot's LMTP locally and I need user's home directory to be created if it doesn't exist yet. There is a setting in Dovecot's configuration, "session=yes", in /etc/Dovecot/conf.d/auth-system.conf.ext, which should do that. passdb { driver = pam args = session=yes dovecot } But I think it does not work in my setup because I do not see any

Hi, mail is delivered by Dovecot's lmtp locally and I need user's home directory to be created if it doesn't exist yet. There is a setting in Dovecot's configuration, "session=yes", in /etc/Dovecot/conf.d/auth-system.conf.ext, which should do that. passdb { driver = pam args = session=yes dovecot } But I think it does not work in my setup because I do not see

oups.. that was the reason # authconfig --disablesssd --disablesssdauth --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update ssh sftp works now Thank you very much Rowland. Le 21/06/2019 ? 12:57, Rowland penny via samba a ?crit?: > On 21/06/2019 16:49, Edouard Guign? via samba wrote: >> Yes, I have only one domain. >> >> Even after added

Yes, I have only one domain. Even after added "winbind use default domain = yes" to smb.cnf, I cannot ssh : /Jun 21 12:43:59 [localhost] sshd[5938]: pam_sss(sshd:auth): Request to sssd failed. Connection refused// //Jun 21 12:43:59 [localhost] sshd[5938]: pam_krb5[5938]: TGT verified using key for 'host/mysambserver at MYDOMAIN.LOCAL'// //Jun 21 12:43:59 [localhost]

Hi all, I have a running Samba4 Server. I am able to authenticate Windows and Linux Clients very. (1) I want to use samba4 as SSO. In this regard my next step is to authenticate our web site users from samba4 server. In this web site, at home page our corporate users give their e-mail address username at companydomain.com and password (not e-mail password). (2) Our E-mail server is hosted on

Dear list members, i have installed a CentOS 7 x86_64 system. I want to let users authenticate over our ldap server. This seems to be working. ldap-username and ldap-passwords are accepted for the users configured in the ldap server. No problem. Now i want to restrict the access to users who have my centos-machine in their ldap host attribute. My problem is, that this host attribute seems to be

Hi Everyone, I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids) It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and

Hello Samba List, I am struggling with connecting samba to our AD servers. Thought it will be easy as before but I was wrong. DCs: Windows Server 2012 (2x) with AD Domain Forest/Level 2003 NATIVE. + SBS 2003 (will be removed, migrating from SBS AD to new 2012 servers) -standard AD schema with exchange attributes DID NOT INSTALL UNIX attributes. This is required for SSSD. Thought i would go

On 16/07/2020 16:11, L.P.H. van Belle via samba wrote: > First of all, why does the DOMAIN contains/shows a dot in it. > ( i think its a wrong setting in sssd, but i dont know sssd ) > I know this is one of your REALMs and not the domain. > > > Now your lines : > Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0

Thanks a lot for looking over the config. I am at the topic "user data is available" id <username> and getent passwd and ldapsearch -x -b "ou=XXX,o=YYY" uid=<username> give the correct results ldapsearch gives also the correct host attribute i have set in the ldap server. Regarding the manpage of sssd.conf the lines access_provider = ldap ldap_access_order =

Dear folks, After updating some of our servers to CentOS 6.8, we've noticed that the ones using pam_sss.so for authentication, appear to be suffering from a leak of sorts. On these systems, the /var partition is running out of disk space, and we eventually noticed that it's because of deleted, but still open files like these: httpd 1081 apache 8r REG 253,2

Hello All, these days one of my tasks is connecting some Centos7 laptops to Freeipa, also running on Centos7. After doing that, some users report nog being able to unlock their screens. Only after reboot are they able to login again. I see this em in /var/log/secure: Aug 10 13:34:37 **** mate-screensaver-dialog: pam_sss(mate-screensaver:auth): authentication failure; logname= uid=382900663

On Wed, 2020-09-16 at 23:03 -0400, Ranbir wrote: > auth worker: PASSV: pam_sss(dovecot:auth): authentication failure; > logname= uid=97 euid=97 tty=dovecot ruser=ranbir rhost=1.2.3.4 > user=ranbir > auth worker: PASSV: pam_sss(dovecot:auth): received for user ranbir: > 17 (Failure setting user credentials) > It doesn't matter what user or group I use for unix_listener. If I