thr3ads.net - freebsd security - I have no name prompt and no passwords recognized [Nov 2016]

If this information is useful, please help other people find it:
Share via:

Ronny Forberger

2016-Nov-13 10:29 UTC

I have no name prompt and no passwords recognized

Hi,
> Alan Hicks via freebsd-security <freebsd-security at freebsd.org> hat
am 13.
> November 2016 um 10:37 geschrieben:
>
>
>
> On 12/11/2016 17:07, Ronny Forberger wrote:
> > Hi,
> > I am using SSSD and FreeBSD to authenticate against samba4.
> > I used this howto setting all up:
> >
http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> >
> > But when I want to logon using password, i.e. via dovecot I get wrong
> > password.
> > Neigher can I use sudo typing the correct samba4 password.
> >
> > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
chowned
> > &
> > chgrped to the samba user and group only show IDs as owner.
> This means the system does not know who you are. What authentication
> system are you using? For example using net/nss-pam-ldap here gives the
> same error when ldap goes away or upgrading ports. Restarting the
> authentication service restores access here. 
I am using sssd but restarting sssd didn't help. Any other
ideas?>
> >
> > Any ideas how to solve this? Can this maybe be a permission problem
with
> > some
> > file for sssd / NSS which an unprivileged user cannot read?
> >
> > Best regards,
> > Ronny Forberger
> > ___________________________________
> > Ronny Forberger
> > ronnyforberger at ronnyforberger.de
> > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"
> >
>
> Regards,
> Alan
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"
>Best regards,
Ronny
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html

Ronny Forberger

2016-Nov-13 16:04 UTC

head link

I have no name prompt and no passwords recognized

> Ronny Forberger <ronnyforberger at ronnyforberger.de> hat am 13.
November 2016 um
> 11:29 geschrieben:
> 
>  Hi,
> 
>  > Alan Hicks via freebsd-security <freebsd-security at
freebsd.org> hat am 13.
>  > November 2016 um 10:37 geschrieben:
>  >
>  >
>  >
>  > On 12/11/2016 17:07, Ronny Forberger wrote:
>  > > Hi,
>  > > I am using SSSD and FreeBSD to authenticate against samba4.
>  > > I used this howto setting all up:
>  > >
http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>  > >
>  > > But when I want to logon using password, i.e. via dovecot I get
wrong
>  > > password.
>  > > Neigher can I use sudo typing the correct samba4 password.
>  > >
>  > > Also I get a prompt [I have no name!@HOSTNAME] and my files,
which I
>  > > chowned &
>  > > chgrped to the samba user and group only show IDs as owner.
>  > This means the system does not know who you are. What authentication
>  > system are you using? For example using net/nss-pam-ldap here gives
the
>  > same error when ldap goes away or upgrading ports. Restarting the
>  > authentication service restores access here.
>   
>  I am using sssd but restarting sssd didn't help. Any other ideas?
> 
 

I found out, that /var/run/sss needed mode 0755.

But I still can't use passwords.

My /etc/pam.d/system looks like:

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok

# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass

 

What am I doing wrong?

Best regards,

Ronny
>  >
>  > >
>  > > Any ideas how to solve this? Can this maybe be a permission
problem with
>  > > some
>  > > file for sssd / NSS which an unprivileged user cannot read?
>  > >
>  > > Best regards,
>  > > Ronny Forberger
>  > > ___________________________________
>  > > Ronny Forberger
>  > > ronnyforberger at ronnyforberger.de
>  > > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>  > > _______________________________________________
>  > > freebsd-security at freebsd.org mailing list
>  > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > > To unsubscribe, send any mail to
>  > > "freebsd-security-unsubscribe at freebsd.org"
>  > >
>  >
>  > Regards,
>  > Alan
>  > _______________________________________________
>  > freebsd-security at freebsd.org mailing list
>  > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > To unsubscribe, send any mail to "freebsd-security-unsubscribe
at freebsd.org"
>  >
>  Best regards,
>  Ronny
>  ___________________________________
>  Ronny Forberger
>  ronnyforberger at ronnyforberger.de
>  PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> 
 
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html

Ronny Forberger

2016-Nov-13 16:05 UTC

head link

I have no name prompt and no passwords recognized

> Ronny Forberger <ronnyforberger at ronnyforberger.de> hat am 13.
November 2016 um
> 11:29 geschrieben:
> 
>  Hi,
> 
>  > Alan Hicks via freebsd-security <freebsd-security at
freebsd.org> hat am 13.
>  > November 2016 um 10:37 geschrieben:
>  >
>  >
>  >
>  > On 12/11/2016 17:07, Ronny Forberger wrote:
>  > > Hi,
>  > > I am using SSSD and FreeBSD to authenticate against samba4.
>  > > I used this howto setting all up:
>  > >
http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>  > >
>  > > But when I want to logon using password, i.e. via dovecot I get
wrong
>  > > password.
>  > > Neigher can I use sudo typing the correct samba4 password.
>  > >
>  > > Also I get a prompt [I have no name!@HOSTNAME] and my files,
which I
>  > > chowned &
>  > > chgrped to the samba user and group only show IDs as owner.
>  > This means the system does not know who you are. What authentication
>  > system are you using? For example using net/nss-pam-ldap here gives
the
>  > same error when ldap goes away or upgrading ports. Restarting the
>  > authentication service restores access here.
>   
>  I am using sssd but restarting sssd didn't help. Any other ideas?
> 
I found out, that /var/run/sss needed mode 0755.

But I still can't use passwords.

My /etc/pam.d/system looks like:

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok

# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass

 

What am I doing wrong?

Best regards,

Ronny
>  >
>  > >
>  > > Any ideas how to solve this? Can this maybe be a permission
problem with
>  > > some
>  > > file for sssd / NSS which an unprivileged user cannot read?
>  > >
>  > > Best regards,
>  > > Ronny Forberger
>  > > ___________________________________
>  > > Ronny Forberger
>  > > ronnyforberger at ronnyforberger.de
>  > > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>  > > _______________________________________________
>  > > freebsd-security at freebsd.org mailing list
>  > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > > To unsubscribe, send any mail to
>  > > "freebsd-security-unsubscribe at freebsd.org"
>  > >
>  >
>  > Regards,
>  > Alan
>  > _______________________________________________
>  > freebsd-security at freebsd.org mailing list
>  > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > To unsubscribe, send any mail to "freebsd-security-unsubscribe
at freebsd.org"
>  >
>  Best regards,
>  Ronny
>  ___________________________________
>  Ronny Forberger
>  ronnyforberger at ronnyforberger.de
>  PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> 
 
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html

freebsd security - Nov 2016 - I have no name prompt and no passwords recognized

I have no name prompt and no passwords recognized

I have no name prompt and no passwords recognized

I have no name prompt and no passwords recognized