Displaying 20 results from an estimated 111 matches for "cached_login".
2023 Dec 28
1
winbind offline logon
...+0000
bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
> > >
> > > # here are the per-package modules (the "Primary" block)
> > > auth [success=2 default=ignore] pam_unix.so nullok
> > > auth [success=1 default=ignore] pam_winbind.so cached_login
> > > krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # <=
> > > added cached_login, just in case # here's the fallback if no
> > > module
> >
> >
> > Which one did you add ? The one after 'pam_winbind.so' or the other
> &...
2023 Dec 28
1
winbind offline logon
...ackend=ad
> > map acl inherit = Yes
> > store dos attributes = Yes
> > vfs objects = acl_xattr
> > min domain uid = 0
> > winbind offline logon = Yes
> > winbind request timeout = 10
> >
> > /etc/security/pam_winbind.conf
> > [global]
> > cached_login = Yes
> > #krb5_auth = Yes # <= Commented since it's part of
> > /etc/pam.d/common-auth #krb5_ccache_type = FILE # <= Commented since
> > it's part of /etc/pam.d/common-auth
>
>
> You do not need /etc/security/pam_winbind.conf if the settings are in
> /...
2023 Dec 28
1
winbind offline logon
...=ad
> map acl inherit = Yes
> store dos attributes = Yes
> vfs objects = acl_xattr
> min domain uid = 0
> winbind offline logon = Yes
> winbind request timeout = 10
>
> /etc/security/pam_winbind.conf
> [global]
> cached_login = Yes
> #krb5_auth = Yes # <= Commented since it's part of
> /etc/pam.d/common-auth #krb5_ccache_type = FILE # <= Commented since
> it's part of /etc/pam.d/common-auth
You do not need /etc/security/pam_winbind.conf if the settings are in
/etc/pam.d/common-a...
2010 Apr 16
1
offline logon in 3.4.7-58
...s:
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [defau...
2023 Dec 28
2
winbind offline logon
...mode = rfc2307
idmap config samdom:backend=ad
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
min domain uid = 0
winbind offline logon = Yes
winbind request timeout = 10
/etc/security/pam_winbind.conf
[global]
cached_login = Yes
#krb5_auth = Yes # <= Commented since it's part of /etc/pam.d/common-auth
#krb5_ccache_type = FILE # <= Commented since it's part of /etc/pam.d/common-auth
/etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all servic...
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
...tion system. For instance, in /etc/pam.d/common-auth
I have:
auth [success=3 default=ignore] pam_krb5.so minimum_uid=10000
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
And /etc/nsswitch.conf has these two lines:
passwd: compat winbind
group: compat winbind
This is on my laptop and I have 'winbind offline logon = yes' set in
smb.conf
If I go anywhere (away from the domain), I can still log into the
laptop as my domain us...
2016 Sep 30
2
Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
...fix the winbind part.
First install libpam-krb5, then create a
file: /usr/share/pam-configs/winbind
containing this:
Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Auth-Initial:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
Account-Type: Primary
Account:
[success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
[success=end default=ignore] pam_winbind.so use_...
2019 Aug 19
3
How does "winbind refresh tickets" work?
...ind enum groups = nowinbind enum users = nowinbind expand groups = 1winbind nested groups = yeswinbind offline logon = yes
------ common-auth ------auth? ? [success=2 default=ignore]? ? ? pam_unix.so nullok_secureauth? ? [success=1 default=ignore]? ? ? pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_passauth? ? requisite? ? ? ? ? ? ? ? ? ? ? ?pam_deny.soauth? ? required? ? ? ? ? ? ? ? ? ? ? ? pam_permit.so
------ pam_winbind.conf ------[global] krb5_auth = yes
krb5_ccache_type = FILE cached_login = yes silent = no
------ some tests ------# net ads testjoinJoin is OK
?# klist -kKeyt...
2020 Jul 28
0
kerberos ticket on login problem
...he next time authconfig is run.
auth??????? required????? pam_env.so
auth??????? required????? pam_faildelay.so delay=2000000
auth??????? sufficient??? pam_unix.so nullok try_first_pass
auth??????? requisite???? pam_succeed_if.so uid >= 1000 quiet_success
auth??????? sufficient??? pam_winbind.so cached_login use_first_pass
auth??????? required????? pam_deny.so
account???? required????? pam_unix.so broken_shadow
account???? sufficient??? pam_localuser.so
account???? sufficient??? pam_succeed_if.so uid < 1000 quiet
account???? [default=bad success=ok user_unknown=ignore] pam_winbind.so
cached_login
a...
2009 Jul 06
0
winbind pam error
...d next three times and exits , and does not prompt for password
again.
Any hint is appreciated.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
account required pam_access.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknow...
2019 Jan 29
0
Winbind, cached logons and 'user persistency'...
...or instance, in /etc/pam.d/common-auth I have:
> auth [success=3 default=ignore] pam_krb5.so minimum_uid=10000
> auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
> auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Putting 'cached_login' here is the same of putting:
[global]
cached_login = yes
in /etc/security/pam_winbind.conf .
> If I go anywhere (away from the domain), I can still log into the
> laptop as my domain user, read and save files etc. All files are saved
> a...
2016 Dec 08
4
How to join join Ubuntu desktop to AD
...ecurity/pam_winbind.so
Then run 'ldconfig'
You will also have to create a file: /usr/share/pam-configs/winbind
Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Auth-Initial:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
Account-Type: Primary
Account:
[success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
[success=end default=ignore] pam_winbind.so use_...
2020 Jul 09
3
AD Users on Linux Laptop
...package modules (the "Primary" block)
> auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
> auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
> auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
>
the krb5_ccache file is saved on /tmp/ is there a way to save that to an
other folder, thats not cleanup on reboot? /usr/lib .... for example.
> If not, run : pam-auth-update ( even if you dont see it, run it, it sets everything correct.)
>
> And im sure you have t...
2017 May 09
2
ssh not connecting to Active Directory in Fedora 25 workstation, wbinfo -u works; child_read_request: read_data failed: NT_STATUS_CONNECTION_RESET
...h [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account [default=bad...
2015 Oct 12
1
getting error Ignoring parameter browse directory and winbind sequence directory
...t; Yes, Joined to the domain, ftp uses pam authentication. After
> upgrading samba i found ftp pam authentication not working
>
> /etc/pam.d/ftp contains
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_smbpass.so
> auth sufficient /lib/security/pam_winbind.so cached_login
> auth required /lib/security/pam_winbind.so krb5_auth
> account required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_smbpass.so
> account required /lib/security/pam_winbind.so
> password sufficient /lib/security/pam_smbpass.so...
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2015 Jan 09
2
getting NT_STATUS_LOGON_FAILURE
...pt for the pam config file:
>
> /usr/share/pam-configs/winbind
>
> Name: Winbind NT/Active Directory authentication
> Default: yes
> Priority: 192
> Auth-Type: Primary
> Auth:
> [success=end default=ignore] pam_winbind.so krb5_auth
> krb5_ccache_type=FILE cached_login try_first_pass
> Auth-Initial:
> [success=end default=ignore] pam_winbind.so krb5_auth
> krb5_ccache_type=FILE cached_login
> Account-Type: Primary
> Account:
> [success=end new_authtok_reqd=done default=ignore] pam_winbind.so
> Password-Type: Primary
> Passwor...
2015 Jan 09
2
getting NT_STATUS_LOGON_FAILURE
...he contents of those two packages are in sernet-samba-libs, except for the pam config file: /usr/share/pam-configs/winbind Name: Winbind NT/Active Directory authentication Default: yes Priority: 192 Auth-Type: Primary Auth: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass Auth-Initial: [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Password-Type: Primary Password: [success=end default=ignore] pam_winbind.so use_aut...
2015 Oct 12
2
getting error Ignoring parameter browse directory and winbind sequence directory
Hi Rowland,
Yes, Joined to the domain, ftp uses pam authentication. After upgrading
samba
On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com>
wrote:
> On 09/10/15 15:28, VigneshDhanraj G wrote:
>
>> Hi Rowland,
>>
>> I updated samba from 40.25 to 4.1.20, now ftp is not working.
>>
>>
> Very cryptic, why isn't ftp
2019 Jan 29
2
Winbind, cached logons and 'user persistency'...
...mon-auth I have:
> > auth [success=3 default=ignore] pam_krb5.so
> > minimum_uid=10000 auth [success=2 default=ignore]
> > pam_unix.so nullok_secure try_first_pass auth [success=1
> > default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE
> > cached_login try_first_pass
>
> Putting 'cached_login' here is the same of putting:
>
> [global]
> cached_login = yes
>
> in /etc/security/pam_winbind.conf .
I do not even have that file.
>
>
> > If I go anywhere (away from the domain), I can still log into the...