Displaying 14 results from an estimated 14 matches for "local_users_only".
2015 May 08
4
ldap host attribute is ignored
...m_sss.so
account required pam_permit.so
account requisite pam_unix.so try_first_pass
account sufficient pam_localuser.so
account required pam_sss.so use_first_pass
account sufficient pam_localuser.so
password requisite pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
password requisite pam_cracklib.so
password optional pam_gnome_keyring.so use...
2015 May 11
2
ldap host attribute is ignored
...equired pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 2000 quiet
> account [default=bad success=ok user_unknown=ignore] pam_sss.so
> account required pam_permit.so
>
> password requisite pam_pwquality.so try_first_pass
> local_users_only retry=3 authtok_type=
> password sufficient pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_sss.so use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required...
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 11
0
ldap host attribute is ignored
...pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 2000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optio...
2015 May 11
0
ldap host attribute is ignored
...equired pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 2000 quiet
> account [default=bad success=ok user_unknown=ignore] pam_sss.so
> account required pam_permit.so
>
> password requisite pam_pwquality.so try_first_pass
> local_users_only retry=3 authtok_type=
> password sufficient pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_sss.so use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required...
2014 Oct 29
1
samba ssh change password Error was: Wrong password
...hadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_pwquality.so pam_cracklib.so try_first_pass
local_users_only retry=3 authtok_type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session o...
2015 May 09
0
ldap host attribute is ignored
...pam_permit.so
> account requisite pam_unix.so try_first_pass
> account sufficient pam_localuser.so
> account required pam_sss.so use_first_pass
> account sufficient pam_localuser.so
>
> password requisite pam_pwquality.so try_first_pass
> local_users_only retry=3 authtok_type=
> password sufficient pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_sss.so use_authtok
> password required pam_deny.so
> password requisite pam_cracklib.so
> password optional...
2020 Jul 28
0
kerberos ticket on login problem
..._shadow
account???? sufficient??? pam_localuser.so
account???? sufficient??? pam_succeed_if.so uid < 1000 quiet
account???? [default=bad success=ok user_unknown=ignore] pam_winbind.so
cached_login
account???? required????? pam_permit.so
password??? requisite???? pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=
password??? sufficient??? pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password??? sufficient??? pam_winbind.so use_authtok
password??? required????? pam_deny.so
session???? optional????? pam_keyinit.so revoke
session???? required????? pam_limits.so
-session???...
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2019 Apr 11
0
LMTP, PAM session and home directory autocreation
...required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session op...
2019 Apr 09
0
LMTP, PAM session and home directory autocreating
...required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session op...
2015 May 07
2
ldap host attribute is ignored
Thanks a lot for looking over the config.
I am at the topic "user data is available"
id <username>
and
getent passwd
and
ldapsearch -x -b "ou=XXX,o=YYY" uid=<username>
give the correct results
ldapsearch gives also the correct host attribute i have set in the ldap
server.
Regarding the manpage of sssd.conf the lines
access_provider = ldap
ldap_access_order =
2020 Jul 29
1
kerberos ticket on login problem
...??? pam_localuser.so
> account???? sufficient??? pam_succeed_if.so uid < 1000 quiet
> account???? [default=bad success=ok user_unknown=ignore]
> pam_winbind.so cached_login
> account???? required????? pam_permit.so
> password??? requisite???? pam_pwquality.so try_first_pass
> local_users_only retry=3 authtok_type=
> password??? sufficient??? pam_unix.so sha512 shadow nullok
> try_first_pass use_authtok
> password??? sufficient??? pam_winbind.so use_authtok
> password??? required????? pam_deny.so
> session???? optional????? pam_keyinit.so revoke
> session???? required?...
2015 May 05
6
ldap host attribute is ignored
...try_first_pass
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 2000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optio...