Hi,

> Alan Hicks via freebsd-security <freebsd-security at freebsd.org> wrote on
> 13 November 2016 at 10:37:
>
> On 12/11/2016 17:07, Ronny Forberger wrote:
> > Hi,
> > I am using SSSD and FreeBSD to authenticate against samba4.
> > I used this howto setting all up:
> > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> >
> > But when I want to logon using password, i.e. via dovecot I get wrong
> > password.
> > Neither can I use sudo typing the correct samba4 password.
> >
> > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
> > chowned & chgrped to the samba user and group only show IDs as owner.
> This means the system does not know who you are. What authentication
> system are you using? For example using net/nss-pam-ldap here gives the
> same error when ldap goes away or upgrading ports. Restarting the
> authentication service restores access here.

I am using sssd but restarting sssd didn't help. Any other ideas?

> > Any ideas how to solve this? Can this maybe be a permission problem with
> > some file for sssd / NSS which an unprivileged user cannot read?
> >
> > Best regards,
> > Ronny Forberger
> > ___________________________________
> > Ronny Forberger
> > ronnyforberger at ronnyforberger.de
> > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
> Regards,
> Alan

Best regards,
Ronny
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html

> Ronny Forberger <ronnyforberger at ronnyforberger.de> wrote on 13 November 2016
> at 11:29:
>
> Hi,
>
> > Alan Hicks via freebsd-security <freebsd-security at freebsd.org> wrote on
> > 13 November 2016 at 10:37:
> >
> > On 12/11/2016 17:07, Ronny Forberger wrote:
> > > Hi,
> > > I am using SSSD and FreeBSD to authenticate against samba4.
> > > I used this howto setting all up:
> > > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> > >
> > > But when I want to logon using password, i.e. via dovecot I get wrong
> > > password.
> > > Neither can I use sudo typing the correct samba4 password.
> > >
> > > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
> > > chowned & chgrped to the samba user and group only show IDs as owner.
> > This means the system does not know who you are. What authentication
> > system are you using? For example using net/nss-pam-ldap here gives the
> > same error when ldap goes away or upgrading ports. Restarting the
> > authentication service restores access here.
>
> I am using sssd but restarting sssd didn't help. Any other ideas?

I found out that /var/run/sss needed mode 0755. But I still can't use passwords.

My /etc/pam.d/system looks like:

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok

# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass

What am I doing wrong?

Best regards,
Ronny

> > > Any ideas how to solve this? Can this maybe be a permission problem with
> > > some file for sssd / NSS which an unprivileged user cannot read?
> > >
> > > Best regards,
> > > Ronny Forberger
> >
> > Regards,
> > Alan
>
> Best regards,
> Ronny

___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
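
Added example, not part of the original posts: a Python sketch that walks the auth lines of the posted /etc/pam.d/system through the sufficient / requisite / required control-flag rules as OpenPAM applies them on FreeBSD. The per-module outcomes for a directory-only account are assumptions (constructed inputs, not results reported in the thread); with them, the only module that can grant the login is pam_sss.so.

```python
# Added example: evaluate a PAM chain with OpenPAM-style control flags.
# Module outcomes are constructed inputs, not observations from the thread.

AUTH_CHAIN = """\
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok
"""

def parse_chain(text, facility):
    """Return [(control_flag, module_name)] for one facility, skipping comments."""
    chain = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return chain

def evaluate(chain, outcomes):
    """Walk the chain; outcomes maps module name -> True (success) / False."""
    failed = False  # set once a required/binding module has failed
    trace = []
    for flag, module in chain:
        ok = outcomes[module]
        trace.append((module, flag, "success" if ok else "failure"))
        if ok:
            if flag in ("sufficient", "binding") and not failed:
                return True, trace   # chain ends early, request granted
            continue
        if flag in ("required", "binding"):
            failed = True            # chain continues, result is already "denied"
        elif flag == "requisite":
            return False, trace      # chain ends early, request denied
        # a failing sufficient/optional module is ignored
    return not failed, trace

def directory_only_user(sss_ok):
    """Assumed account: no OPIE key, no local password hash, exists only in AD."""
    outcomes = {"pam_opie.so": False, "pam_opieaccess.so": True,
                "pam_sss.so": sss_ok, "pam_unix.so": False}
    return evaluate(parse_chain(AUTH_CHAIN, "auth"), outcomes)

if __name__ == "__main__":
    for sss_ok in (True, False):
        granted, trace = directory_only_user(sss_ok)
        print("pam_sss", "succeeds" if sss_ok else "fails", "->",
              "granted" if granted else "denied")
        for step in trace:
            print("   ", *step)
```
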