Displaying 20 results from an estimated 30 matches for "authn".
Did you mean:
auth
2023 Oct 22
1
Question about silos and Authentication policies
...assignment to the user and the
host will be done at the same time. So now my policy looks like that:
-------------
root at addc-01:~# samba-tool domain auth policy view --name=winclient-pol
{
"cn": "winclient-pol",
"distinguishedName": "CN=winclient-pol,CN=AuthN Policies,CN=AuthN
Policy Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
"dn": "CN=winclient-pol,CN=AuthN Policies,CN=AuthN Policy
Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
"instanceType": 4,
"msDS-AuthNPolicyEnf...
2023 Oct 23
2
Question about silos and Authentication policies
...> the host will be done at the same time. So now my policy looks like that:
> -------------
> root at addc-01:~#? samba-tool domain auth policy view --name=winclient-pol
> {
> ? "cn": "winclient-pol",
> ? "distinguishedName": "CN=winclient-pol,CN=AuthN Policies,CN=AuthN
> Policy Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
> ? "dn": "CN=winclient-pol,CN=AuthN Policies,CN=AuthN Policy
> Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
> ? "instanceType": 4,
> ? &qu...
2023 Oct 23
2
Question about silos and Authentication policies
...o now my policy looks like
> > that:
> > -------------
> > root at addc-01:~# samba-tool domain auth policy view --
> > name=winclient-pol
> > {
> > "cn": "winclient-pol",
> > "distinguishedName": "CN=winclient-pol,CN=AuthN
> > Policies,CN=AuthN
> > Policy
> > Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
> > "dn": "CN=winclient-pol,CN=AuthN Policies,CN=AuthN Policy
> > Configuration,CN=Services,CN=Configuration,DC=example,DC=net",
> >...
2023 Oct 30
2
Question about silos and Authentication policies
I was playing around again with Windows and when you add members to
silos, or remove them, it should not set/unset assigned silo on the user.
So I've got a new pull request in Draft state still where I remove that
functionality, as well as add some new commands to samba-tool user command.
It turned out to be easier to add sub commands to user, as edit user
wasn't quite what I thought
2012 May 15
1
would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
...not use LDAP as the account backend database, and
3) specify samba to use but use "encrypt passwords = true", and
4) use an ldap server as the authentication source for samba.
Is that possible?
I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN.
However, the man page for smb.conf seems to say no, as it says that "obey pam restrictions = true" will be ignored when "encrypt password" is set to true.
Am I understanding this correctly? Is there a work-around? I don't want to add the samba schema to my existing ldap...
2012 May 09
2
AD and SAMBA
Hello all,
I am trying to understand how SAMBA finds nearest Domain Controller when
configured to use Active Directory for AuthN.
There are some great articles and wikis about how to configure SAMBA
against AD, but couldn't find much on what I was looking for.
For example
1. Does Samba have built in dc locator functionality like windows
clients ?
2. What is the default authN it uses, NTLM or Kerb ?
3. I understand from...
2020 Sep 24
0
Can't connect after AuthN: NT_STATUS_ACCESS_DENIED
...All necessary ports are open (137-139, 445).
>
> I'm stuck at this point. Makes zero sense to me. I have a very similar set
> up in another CentOS 8 box that works flawlessly as every other
> installation I've done in 20 years.
>
> [Snipped lines above that show successful AuthN, forced mapping to "Domain
> Users", etc. all correct]
> colive-12867 (ipv4:172.16.112.1:56106) connect to service IPC$ initially
> as user chris (uid=1000, gid=1000) (pid 98051)
> [2020/09/23 19:03:37.024156, 3]
> ../../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_r...
2013 May 06
1
Is it possible to make Samba4 use an external LDAP server for authN, and its own internal LDAP server for all other LDAP purposes?
My company uses 389-ds for its LDAP service, and all services are configured to use that LDAP for authentication.
I'd like to start using Samba4 as an AD DC, in order to control/manage MsWin computers.
It was simplest to me to install Samba4 configured to use its own internal LDAP server, rather than make it use my existing 389-ds LDAP server.
However, I want Samba4 to authenticate to the
2020 Sep 28
1
custom userdb server, Exim, and proxying
...ation. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries.
When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells Dovecot to proxy the connection to a new server without trying to authenticate.
Exim, though, doesn?t grok ?proxy_maybe?, so it just sees ?nopassword?. In response, it just skips SMTP authentication entirely.
We could address this if our custom servic...
2020 Sep 24
1
Can't connect after AuthN: NT_STATUS_ACCESS_DENIED
...39, 445).
> >
> > I'm stuck at this point. Makes zero sense to me. I have a very similar
> set
> > up in another CentOS 8 box that works flawlessly as every other
> > installation I've done in 20 years.
> >
> > [Snipped lines above that show successful AuthN, forced mapping to
> "Domain
> > Users", etc. all correct]
> > colive-12867 (ipv4:172.16.112.1:56106) connect to service IPC$
> initially
> > as user chris (uid=1000, gid=1000) (pid 98051)
> > [2020/09/23 19:03:37.024156, 3]
> > ../../source3/rpc_se...
2020 Sep 24
2
Can't connect after AuthN: NT_STATUS_ACCESS_DENIED
...s getting
through properly. All necessary ports are open (137-139, 445).
I'm stuck at this point. Makes zero sense to me. I have a very similar set
up in another CentOS 8 box that works flawlessly as every other
installation I've done in 20 years.
[Snipped lines above that show successful AuthN, forced mapping to "Domain
Users", etc. all correct]
colive-12867 (ipv4:172.16.112.1:56106) connect to service IPC$ initially
as user chris (uid=1000, gid=1000) (pid 98051)
[2020/09/23 19:03:37.024156, 3]
../../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
api_pipe_bind_req: l...
2023 Feb 23
1
Redundant Database, Pgsql ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Wed, 2023-02-22 at 11:08 +0000, Marc wrote:
> I don't even get what the advatages are of doing this with sql. If you
> use local replicated ldap and use local credential caching then your
> master ldap can go down without issues, even the local caching handle
> some local slapd issues.
Going to have to +1 this. LDAP also does
2006 Aug 24
9
[slightly offtopic] A small, fast Apache2.2 (if there is such a thing)
Hi.
I''m using Apache2.2 built from source + mod-proxy + ssl + svn.
Everything works fine but I''m sure you I could disable a ton of
modules during the build process and in httpd.conf to speed things up
and run a tighter memory footprint.
Has anyone bothered building Apache2.2 from source disabling all the
unneeded modules.
I am planning on going through the Apache docs but I
2024 Feb 08
2
Authentication using federated identity
I know that there are some methods to use federated identities (e.g.
OAuth2) with SSH authentication but, from what I've seen, they largely
seem clunky and require users to interact with web browsers to get one
time tokens. Which is sort of acceptable for occasional logins but
doesn't work with automated/scripted actions.
I'm just wondering if anyone has done any work on this or
2006 Aug 29
28
Stability of Rails
I''ve seen a lot of issue regarding the stability of Rails apps. I''m
charged with investigation of Rails for my company and I''ve looked at
numerous fourms, groups, etc. (Textdrive, here, etc.) and it *seems*
like there is a stability problem with Rails (ie: crashes, etc.) Is
this as common as it looks, or is this tied to things like Lighttpd (web
server) or Typo
2011 Jun 22
0
Logging failed attempts to correct usernames
[ using FreeBSD 8.2, but I don't think the problem is specific to their port ]
For fail2ban purposes I'd like to log failed SSH authentication attempts
of correct (i.e., existing) usernames.
I have no issue with the logging of authn attempts to non-existing
usernames.
I've tried to set LogLevel=VERBOSE and MaxAuthAttempts=1 in sshd_config,
but even then I didn't see /var/log/auth.log entries for failed login
attempts from a third host to an existing username. (I didn't spot any
other relevant knobs in sshd_config...
2005 Sep 24
0
question regarding Perl + PAM + Winbindd
...ervice foobar), the winbind log shows that the user is authenticated
only using Plain-text. Why not challenge-response?
******************************************
package FOO::PAM;
use Authen::SimplePam;
use strict;
sub is_good_pam
{
my ($user, $pass) = @_;
my $service = "foobar";
my $authn = new Authen::SimplePam();
if ($authn->auth_user($user, $pass, $service) eq 1) {
debug("success, returning 1");
return 1;
}
else {
debug("failure, returning 0 with user=$user and pass=$pass");
return 0;
}
}
1;
******************************************
Here is the output from...
2014 Feb 09
1
master user and ACL's
...read in the docs that:
"Master user is still subject to ACLs just like any other user, which
means that by default the master user has no access to any mailboxes of
the user."
... and that the standard workaround is to return master_user=%u from
the userdb.
But why is the master_user authn-id used in the ACLs and not the
authz-id (requested-login-user) ?
Isn't the whole point of SASL authz-id semantics to have authorization
resolved based on the authz-id?
/Peter
2015 May 11
6
Authenticating Apache Against Active Directory
Hello,
Using Nagios on Ubuntu 14.04.1 LTS. I'm attempting to authenticate
users against Samba 4.2.1. When I edit 'apache2.conf' with
<Directory />
Options FollowSymLinks
AllowOverride None
Require all granted
Allow from all
AuthName "AD authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL
ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*)
AuthLDAPBind...
2015 Feb 25
2
Proxying of non "plain" SASL mechnisms.
...rationale for not just forward the SASL
handshake.
- First, blindly forwardning will not do, since the mech data has to be
decoded anyway to do any per/user passdb lookup (to, say, find the
target host). But you don't need authentication to actually succeed to
do that. You only need AuthZ-id or AuthN-id.
- Secondly, the design of the interaction between imap-login processes
and the auth-service in general prevent in general to forward
multi-handshake SASL mechanisms, since the authentication must be done
before the proxying can be started. But it doesn't prevent forwarding of
single handsh...