Displaying 6 results from an estimated 6 matches for "adsus".
Did you mean:
asus
2006 Sep 29
0
pam_winbind causing local user login failures on 3.0.23c ... and a couple of other things
...ssion required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
/var/log/messages is as follows:
........
Sep 28 18:31:09 computer1 sshd(pam_unix)[13565]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=computer2.example.com
user=adsuser
Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' OK
Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' granted access
Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' OK
Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser'...
2004 Feb 02
0
ADS winbind/krb5 error
...or
kerberos MIT, configured smb.conf and krb5.conf.
Run net ads join -U administrator and it worked, i can see the machine account in the active directory. From
my linux box I can smbclient -U user -L windows2kclient and I get the list of the shares, while if i do from
my linuxbox smbclient -U adsuser -L localhost i get this error:
[root@fbcsrvsmb01 root]# smbclient -U user -L 192.168.100.10
Password:
session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
When I start winbind I get this error:
[2004/02/02 17:51:58, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.2rc2 started....
2006 Apr 09
1
Can pam_winbind be configured to issue Kerberos tickets on user validation?
Hi
I have Samba 3 running on Fedora 4, configured to use pam_winbind to
validate user logins against my W2K ADS. Logins are fully functional using
names such as adsdomain.adsuser (I have the fullstop character configured as
my winbind seperator).
This is all working fine.
What I would now like to do, is to have a Kerberos ticket from the ADS
Kerberos realm issued to the user that has just logged in, without the user
having to re-validate themselves using kinit.
The...
2005 May 21
1
ssh + pam_winbind error 'incorrect password or invaid membership'
...e following tests:
smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
wbinfo -u # Shows winbind is doing lookups from ADS
johns
wbinfo -g # Shows winbind is doing lookups from ADS
getent passwd # Shows nsswitch is correct, to resolve
ADSusers.
johns:x:10000:10000:John Stile:/home/MS/johns:/usr/local/bin/bash
getent group # Shows nsswitch is correct, to resolve ADS
groups.
net ads info # Show AD info
LDAP server: 192.168.50.42
LDAP server name: stan
Realm: MS.STILEN.COM
Bind Path: dc=MS,dc=STILEN,dc=CO...
2006 Apr 10
0
Can pam_winbind be configured to issue Kerberos tickets onuser validation?
> -----Original Message-----
>
> I've tried to use the pam_krb5 module, but as pam modules
> validate the user as given, pam_krb5 is trying to match the
> password to adsdomain.adsuser@ADSDOMAIN.REALM.... so it fails.
>
Pam_krb5 can be configured to convert winbind usernames back into
principal names, by means of some regexp matching and template filling
magic. It it 'underdocumented' - perhaps you even need to grab the
source RPM and look there? I can't rem...
2004 Oct 27
1
winbind: using idmap only if user doesn't exist in UNIX getpw*(3) ?
...ement to use winbind to allocate UID/GIDs for
users but only if they aren't in the non-winbind nsswitch sources.
I.e, given
smb.conf ; samba 3.0.7
realm = DOMAIN
workgroup = DOMAIN
log level = 3 idmap:10 winbind:10
idmap gid = 50000-59999
idmap uid = 50000-59999
ADS users:
DOMAIN\adsuser1 ; only in ADS, not NIS
DOMAIN\adsuser2 ; only in ADS, not NIS
DOMAIN\user1
DOMAIN\user2
NIS passwd:
user1:*:10001:20000:&:/home/user1:/bin/sh
user2:*:10002:20000:&:/home/user2:/bin/sh
I want name<->uid loops to return "10001" for user1 and a
winbind allocated...