search for: libpam_krb5

Displaying 13 results from an estimated 13 matches for "libpam_krb5".

2006 Feb 23
1
Questions about sshd_config man page and comments in the file
...ttings. # /opt/ssh/sbin/sshd -o "usepam yes" -o "challengeresponseauthentication no" -o "kerberosauthentication no" -o "passwordauthentication yes" -o "kerberosorlocalpasswd no" Authentication ,Password management modules were set to "libpam_krb5.so.1" and Session,Account management modules were set to "libpam_unix.so.1" in pam configuation file. During ssh conneciton, Kerberos password got succeeded when the ssh client was prompted for password. This violates the steps commented in sshd_config file.Can anyone clarify th...
2018 Sep 12
2
design question for small environment
As the unix serversĀ  running linux (I know some people wouldn't call that real unix) or a "real" unix like Solaris ? Linux has sssd which can make things simpler. In either case you probably need a proxy account for the unix system to retrieve user and group info (not passwords) via LDAP. On 09/11/18 03:56, Rowland Penny via samba wrote: > On Tue, 11 Sep 2018 08:56:35 +0200
2019 Jun 17
2
Fwd: Re: Kerberos and NTLMv2 authentication
...b5 installed, I have on my system : > yum list krb5-workstation pam_krb5 > krb5-workstation.x86_64 1.15.1-37.el7_6 @updates > pam_krb5.x86_64 2.4.8-6.el7 @base > > Is pam_krb5 equivalent to libpam-krb5 on centos 7 ? Sorry for the late reply, yes pam_krb5 is the Centos equivalent of libpam_krb5 I think we need to see your entire smb.conf and the passwd & group lines from /etc/nsswitch.conf Rowland
2018 Apr 24
2
Find/delete bad DNS Entry
...rectory, so if the machine you are trying to join as a DC cannot find the KDC via dns, then it is likely to have problems later. You must have working dns before the join. I have read your join howto and have the following comments, based on my experience. I would also install libpam_winbind and libpam_krb5 /etc/krb5.conf needs to be only this: [libdefaults] default_realm = MONDOMAINE.LAN dns_lookup_realm = false dns_lookup_kdc = true I would stop smbd, nmbd, winbind before the join I would run the join command like this: samba-tool domain join mondomaine.lan DC -U administrator --rea...
2018 Sep 14
2
Having problem with RID backend - must be missing something
Greetings, I currently am using Samba 4.8.5 as an AD DC on one server - working great! I am also using 4.8.5 on another server joined as a member server and I'm trying to configure the RID idmap backend and I believe I have the settings correct but when I try to access a share on the server from a joined Windows machine I am getting prompted for credentials. Here is my config on the DC:
2018 Sep 14
3
Having problem with RID backend - must be missing something
----- On Sep 14, 2018, at 4:56 AM, Rowland Penny via samba samba at lists.samba.org wrote: > What OS ? > If it is debian, do you have libpam_krb5 installed ? It is CentOS 7. I feel stupid because it was super simple. See Below. > Having rfc2307 attributes in AD shouldn't affect the way the 'rid' > backend works. > I was thinking this as well. > > Did you find it easy to understand ? > I thought so but i...
2019 Jun 17
0
Fwd: Re: Kerberos and NTLMv2 authentication
...: >> yum list krb5-workstation pam_krb5 >> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates >> pam_krb5.x86_64 2.4.8-6.el7 @base >> >> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ? > > Sorry for the late reply, yes pam_krb5 is the Centos equivalent of > libpam_krb5 > > I think we need to see your entire smb.conf and the passwd & group > lines from /etc/nsswitch.conf > > Rowland > > >
2018 Sep 14
0
Having problem with RID backend - must be missing something
...ed as a member > server and I'm trying to configure the RID idmap backend and I > believe I have the settings correct but when I try to access a share > on the server from a joined Windows machine I am getting prompted for > credentials. > What OS ? If it is debian, do you have libpam_krb5 installed ? Snip > Another piece to the puzzle is that I had this configured and working > with the AD backend but I wanted to try to set it up a little simpler > so that I don't have to select unix attributes every time I create a > new user. So due to this some of my users alre...
2019 Jun 15
2
Kerberos and NTLMv2 authentication
Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5
2018 Sep 12
1
design question for small environment
...to AD. No, you do not need the > red-hat tools at all. > >> In either case you probably need a proxy account for the unix system >> to retrieve user and group info (not passwords) via LDAP. > No, you just need to set up pam correctly, which is easy on debian, > just install libpam_krb5 > > Rowland > > >
2018 Apr 24
0
Find/delete bad DNS Entry
...an explicit configuration of KDC in /etc/krb5.conf. And actually it is a must have in a large multi-site setup with slow VPN and strict firewall rules. > I have read your join howto and have the following comments, based on > my experience. > > I would also install libpam_winbind and libpam_krb5 we are limiting at much as possible shell connection to the AD (a compromission on your AD is a compromission of your whole network). So we don't enable this kind of authentication on DC. SSH key exchange for the lucky few that manage the AD is much better suited IMHO. > /etc/krb5.conf...
2017 Jul 06
1
Can't create/update Group Policy in Samba 4.6.5
Hi Rowland > My DC doesn't know domains users and groups by name, only by uid/gid. Sounds like you haven't set up the libnss_winbind.so links or /etc/nsswitch.conf I had not installed Winbind, but I installed it now. (winbind, libnss-winbind and libpam-winbind packages). I configured /etc/nsswitch as below: passwd: compat winbind group: compat winbind shadow:
2018 Apr 23
4
Find/delete bad DNS Entry
We added a DNS entry to Samba via the Windows DNS Manager which apparently was invalid. Now we can't see the list of forward lookup in the Window DNS Manager because it immediately errors and we have to restart the Samba service. Running Samba 4.3.11-Ubuntu on Ubuntu 16.04 Additionally, a samba-tool dns query fails with the following error: > $ samba-tool dns query dc1.mydomain.com