search for: cached_login

...+0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > > > > > > # here are the per-package modules (the "Primary" block) > > > auth [success=2 default=ignore] pam_unix.so nullok > > > auth [success=1 default=ignore] pam_winbind.so cached_login > > > krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # <= > > > added cached_login, just in case # here's the fallback if no > > > module > > > > > > Which one did you add ? The one after 'pam_winbind.so' or the other > &...

...ackend=ad > > map acl inherit = Yes > > store dos attributes = Yes > > vfs objects = acl_xattr > > min domain uid = 0 > > winbind offline logon = Yes > > winbind request timeout = 10 > > > > /etc/security/pam_winbind.conf > > [global] > > cached_login = Yes > > #krb5_auth = Yes # <= Commented since it's part of > > /etc/pam.d/common-auth #krb5_ccache_type = FILE # <= Commented since > > it's part of /etc/pam.d/common-auth > > > You do not need /etc/security/pam_winbind.conf if the settings are in > /...

...=ad > map acl inherit = Yes > store dos attributes = Yes > vfs objects = acl_xattr > min domain uid = 0 > winbind offline logon = Yes > winbind request timeout = 10 > > /etc/security/pam_winbind.conf > [global] > cached_login = Yes > #krb5_auth = Yes # <= Commented since it's part of > /etc/pam.d/common-auth #krb5_ccache_type = FILE # <= Commented since > it's part of /etc/pam.d/common-auth You do not need /etc/security/pam_winbind.conf if the settings are in /etc/pam.d/common-a...

...s: auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so cached_login use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [defau...

...mode = rfc2307 idmap config samdom:backend=ad map acl inherit = Yes store dos attributes = Yes vfs objects = acl_xattr min domain uid = 0 winbind offline logon = Yes winbind request timeout = 10 /etc/security/pam_winbind.conf [global] cached_login = Yes #krb5_auth = Yes # <= Commented since it's part of /etc/pam.d/common-auth #krb5_ccache_type = FILE # <= Commented since it's part of /etc/pam.d/common-auth /etc/pam.d/common-auth # # /etc/pam.d/common-auth - authentication settings common to all servic...

...tion system. For instance, in /etc/pam.d/common-auth I have: auth [success=3 default=ignore] pam_krb5.so minimum_uid=10000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass And /etc/nsswitch.conf has these two lines: passwd: compat winbind group: compat winbind This is on my laptop and I have 'winbind offline logon = yes' set in smb.conf If I go anywhere (away from the domain), I can still log into the laptop as my domain us...

...fix the winbind part. First install libpam-krb5, then create a file: /usr/share/pam-configs/winbind containing this: Name: Winbind NT/Active Directory authentication Default: yes Priority: 192 Auth-Type: Primary Auth: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass Auth-Initial: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Password-Type: Primary Password: [success=end default=ignore] pam_winbind.so use_...

...ind enum groups = nowinbind enum users = nowinbind expand groups = 1winbind nested groups = yeswinbind offline logon = yes ------ common-auth ------auth? ? [success=2 default=ignore]? ? ? pam_unix.so nullok_secureauth? ? [success=1 default=ignore]? ? ? pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_passauth? ? requisite? ? ? ? ? ? ? ? ? ? ? ?pam_deny.soauth? ? required? ? ? ? ? ? ? ? ? ? ? ? pam_permit.so ------ pam_winbind.conf ------[global] krb5_auth = yes krb5_ccache_type = FILE cached_login = yes silent = no ------ some tests ------# net ads testjoinJoin is OK ?# klist -kKeyt...

...he next time authconfig is run. auth??????? required????? pam_env.so auth??????? required????? pam_faildelay.so delay=2000000 auth??????? sufficient??? pam_unix.so nullok try_first_pass auth??????? requisite???? pam_succeed_if.so uid >= 1000 quiet_success auth??????? sufficient??? pam_winbind.so cached_login use_first_pass auth??????? required????? pam_deny.so account???? required????? pam_unix.so broken_shadow account???? sufficient??? pam_localuser.so account???? sufficient??? pam_succeed_if.so uid < 1000 quiet account???? [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login a...

...d next three times and exits , and does not prompt for password again. Any hint is appreciated. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so cached_login use_first_pass auth required pam_deny.so account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknow...

...or instance, in /etc/pam.d/common-auth I have: > auth [success=3 default=ignore] pam_krb5.so minimum_uid=10000 > auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass > auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass Putting 'cached_login' here is the same of putting: [global] cached_login = yes in /etc/security/pam_winbind.conf . > If I go anywhere (away from the domain), I can still log into the > laptop as my domain user, read and save files etc. All files are saved > a...

...ecurity/pam_winbind.so Then run 'ldconfig' You will also have to create a file: /usr/share/pam-configs/winbind Name: Winbind NT/Active Directory authentication Default: yes Priority: 192 Auth-Type: Primary Auth: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass Auth-Initial: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Password-Type: Primary Password: [success=end default=ignore] pam_winbind.so use_...

...package modules (the "Primary" block) > auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 > auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass > auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass > the krb5_ccache file is saved on /tmp/ is there a way to save that to an other folder, thats not cleanup on reboot? /usr/lib .... for example. > If not, run : pam-auth-update ( even if you dont see it, run it, it sets everything correct.) > > And im sure you have t...

...h [default=1 success=ok] pam_localuser.so auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so forward_pass auth sufficient pam_winbind.so cached_login use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account [default=bad...

...t; Yes, Joined to the domain, ftp uses pam authentication. After > upgrading samba i found ftp pam authentication not working > > /etc/pam.d/ftp contains > > #%PAM-1.0 > auth sufficient /lib/security/pam_smbpass.so > auth sufficient /lib/security/pam_winbind.so cached_login > auth required /lib/security/pam_winbind.so krb5_auth > account required /lib/security/pam_nologin.so > account sufficient /lib/security/pam_smbpass.so > account required /lib/security/pam_winbind.so > password sufficient /lib/security/pam_smbpass.so...

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

...pt for the pam config file: > > /usr/share/pam-configs/winbind > > Name: Winbind NT/Active Directory authentication > Default: yes > Priority: 192 > Auth-Type: Primary > Auth: > [success=end default=ignore] pam_winbind.so krb5_auth > krb5_ccache_type=FILE cached_login try_first_pass > Auth-Initial: > [success=end default=ignore] pam_winbind.so krb5_auth > krb5_ccache_type=FILE cached_login > Account-Type: Primary > Account: > [success=end new_authtok_reqd=done default=ignore] pam_winbind.so > Password-Type: Primary > Passwor...

...he contents of those two packages are in sernet-samba-libs, except for the pam config file: /usr/share/pam-configs/winbind Name: Winbind NT/Active Directory authentication Default: yes Priority: 192 Auth-Type: Primary Auth: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass Auth-Initial: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Password-Type: Primary Password: [success=end default=ignore] pam_winbind.so use_aut...

Hi Rowland, Yes, Joined to the domain, ftp uses pam authentication. After upgrading samba On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote: > On 09/10/15 15:28, VigneshDhanraj G wrote: > >> Hi Rowland, >> >> I updated samba from 40.25 to 4.1.20, now ftp is not working. >> >> > Very cryptic, why isn't ftp

...mon-auth I have: > > auth [success=3 default=ignore] pam_krb5.so > > minimum_uid=10000 auth [success=2 default=ignore] > > pam_unix.so nullok_secure try_first_pass auth [success=1 > > default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE > > cached_login try_first_pass > > Putting 'cached_login' here is the same of putting: > > [global] > cached_login = yes > > in /etc/security/pam_winbind.conf . I do not even have that file. > > > > If I go anywhere (away from the domain), I can still log into the...