VigneshDhanraj G
2015-Oct-12 07:24 UTC
[Samba] getting error Ignoring parameter browse directory and winbind sequence directory
Hi Rowland, Yes, Joined to the domain, ftp uses pam authentication. After upgrading samba On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:> On 09/10/15 15:28, VigneshDhanraj G wrote: > >> Hi Rowland, >> >> I updated samba from 40.25 to 4.1.20, now ftp is not working. >> >> > Very cryptic, why isn't ftp working ? > ftp is not part of Samba, but should work with it. > Have you changed your smb.conf to something that looks like the one here: > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > > Is the computer joined to the domain? > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
VigneshDhanraj G
2015-Oct-12 07:27 UTC
[Samba] getting error Ignoring parameter browse directory and winbind sequence directory
Hi Rowland, Thanks for the help. Yes, Joined to the domain, ftp uses pam authentication. After upgrading samba i found ftp pam authentication not working /etc/pam.d/ftp contains #%PAM-1.0 auth sufficient /lib/security/pam_smbpass.so auth sufficient /lib/security/pam_winbind.so cached_login auth required /lib/security/pam_winbind.so krb5_auth account required /lib/security/pam_nologin.so account sufficient /lib/security/pam_smbpass.so account required /lib/security/pam_winbind.so password sufficient /lib/security/pam_smbpass.so password required /lib/security/pam_winbind.so session required /lib/security/pam_unix.so here, we want to change anything? Regards, Vigneshdhanraj On Mon, Oct 12, 2015 at 12:54 PM, VigneshDhanraj G < vigneshdhanraj.g at gmail.com> wrote:> Hi Rowland, > Yes, Joined to the domain, ftp uses pam authentication. After upgrading > samba > > On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny < > rowlandpenny241155 at gmail.com> wrote: > >> On 09/10/15 15:28, VigneshDhanraj G wrote: >> >>> Hi Rowland, >>> >>> I updated samba from 40.25 to 4.1.20, now ftp is not working. >>> >>> >> Very cryptic, why isn't ftp working ? >> ftp is not part of Samba, but should work with it. >> Have you changed your smb.conf to something that looks like the one here: >> >> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >> >> Is the computer joined to the domain? >> >> >> Rowland >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >
Rowland Penny
2015-Oct-12 10:44 UTC
[Samba] getting error Ignoring parameter browse directory and winbind sequence directory
On 12/10/15 08:27, VigneshDhanraj G wrote:> Hi Rowland, > > Thanks for the help. > > Yes, Joined to the domain, ftp uses pam authentication. After > upgrading samba i found ftp pam authentication not working > > /etc/pam.d/ftp contains > > #%PAM-1.0 > auth sufficient /lib/security/pam_smbpass.so > auth sufficient /lib/security/pam_winbind.so cached_login > auth required /lib/security/pam_winbind.so krb5_auth > account required /lib/security/pam_nologin.so > account sufficient /lib/security/pam_smbpass.so > account required /lib/security/pam_winbind.so > password sufficient /lib/security/pam_smbpass.so > password required /lib/security/pam_winbind.so > session required /lib/security/pam_unix.so > > here, we want to change anything? > >OK, I have installed proftpd on a Debian Jessie Samba 4.3.0 domain member and set it up to use AD for authentication and it works for me (note, I did not use ldap authentication, I used PAM) My PAM setup is this: /etc/pam.d/proftpd auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed @include common-auth @include common-account @include common-session /etc/pam.d/common-auth auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth required pam_permit.so /etc/pam.d/common-account account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so account requisite pam_deny.so account required pam_permit.so account required pam_krb5.so minimum_uid=1000 /etc/pam.d/common-session session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_krb5.so minimum_uid=1000 session required pam_unix.so session optional pam_winbind.so session optional pam_ck_connector.so nox11 My /etc/proftpd/proftpd.conf # most of the commented lines removed # Includes DSO modules Include /etc/proftpd/modules.conf UseIPv6 off IdentLookups off ServerName "My Server Name" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions "-l" DenyFilter \*.*/ DefaultRoot ~ Port 21 <IfModule mod_dynmasq.c> # DynMasqRefresh 28800 </IfModule> MaxInstances 30 User proftpd Group nogroup Umask 022 022 AllowOverwrite on PersistentPasswd off # This is required to use both PAM-based authentication and local passwords AuthOrder mod_auth_pam.c* mod_auth_unix.c AuthPAMConfig proftpd AuthPAM On TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log <IfModule mod_quotatab.c> QuotaEngine off </IfModule> <IfModule mod_ratio.c> Ratios off </IfModule> <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine off ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine off </IfModule> Include /etc/proftpd/conf.d/ Rowland