Displaying 20 results from an estimated 94 matches for "minimum_uid".
2020 Jul 09
4
AD Users on Linux Laptop
Hai Rowland,
Maybe I didn't understand your reply that well, but why would you change it?
All (linux) users have minimum_uid=1000 and start at 1000.
All (windows) users (samba) are above minimum_uid=1000
So in my opinion, you should not need to change this.
Unless your users start below 1000.
Also cat /etc/adduser.conf shows ( For Debian/Buster )
# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs...
2020 Jul 09
0
AD Users on Linux Laptop
Ahha, perfect, nice.
So per example. ( from my setup )
idmap config *:range = 2000-9999
idmap config SAMDOM : range = 10000-3999999
And if I understood it right we should use 10000
Can you try this :
sed -i "s/pam_krb5.so minimum_uid=1000/pam_krb5.so minimum_uid=$(grep range /etc/samba/smb.conf|grep -v \* |cut -d"=" -f2 | cut -d"-" -f1|cut -c2-10000000000)/g" /usr/share/pam-configs/krb5
pam-auth-update
Looks good to me.
Or we could try to change required to sufficient in /usr/share/pam-configs/krb5
S...
2015 Oct 12
1
getting error Ignoring parameter browse directory and winbind sequence directory
...I used PAM)
My PAM setup is this:
/etc/pam.d/proftpd
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
@include common-auth
@include common-account
@include common-session
/etc/pam.d/common-auth
auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_...
2020 Jul 09
1
AD Users on Linux Laptop
.... van Belle via samba <samba at lists.samba.org> wrote:
Ahha, perfect, nice.
So per example. ( from my setup )
idmap config *:range = 2000-9999
idmap config SAMDOM : range = 10000-3999999
And if I understood it right we should use 10000
Can you try this :
sed -i "s/pam_krb5.so minimum_uid=1000/pam_krb5.so minimum_uid=$(grep range /etc/samba/smb.conf|grep -v \* |cut -d"=" -f2 | cut -d"-" -f1|cut -c2-10000000000)/g" /usr/share/pam-configs/krb5
pam-auth-update
Looks good to me.
Or we could try to change required to sufficient in /usr/share/pam-configs/krb5
Sti...
2020 Jul 09
6
AD Users on Linux Laptop
Hello,
I have set up a laptop with debian10, where samba ad users should be able to
login. I also setup PAM_Offline_Authentication, so far so good.
There are several Problems:
- After Reboot winbind seems to start before network is ready, so winbind
can't get user info via getent passwd <username>, after restart winbind
it works
- How can I cache logins infos, for offline login
(e.g. when
2016 Jan 15
4
Samba AD/DC, Single-Sign-On, domain users cannot change password
...The only thing you had me change with the
as-installed PAM configuration was to add to /etc/pam.d/common-account:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0002
I also found I needed to change a line in /etc/pam.d/common-password to:
password [success=3 default=ignore] pam_krb5.so minimum_uid=10000
(instead of minimum_uid=1000) in order to have my non-domain local users be able to change
their passwords using passwd.
If there is a PAM file I can post to verify its correctness, I'd be happy to do that.
> OK, I use Mate on debian wheezy and after a bit of testing, I have fo...
2016 Jan 18
3
Samba Hylafax PAM
Hi,
I posted this also on hylafax list - maybe here is someone with a hint.
System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8
After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else
2018 Apr 26
4
account locks not working ssh/winbind?
...heck yes
GSSAPIKeyExchange yes
GSSAPIStoreCredentialsOnRekey yes
/etc/pam.d had the following. ( all settings are done with pam-auth-update )
samba
@include common-auth
@include common-account
@include common-session-noninteractive
common-auth
auth [success=5 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=4 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=3 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_p...
2015 Oct 12
2
getting error Ignoring parameter browse directory and winbind sequence directory
Hi Rowland,
Yes, Joined to the domain, ftp uses pam authentication. After upgrading
samba
On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com>
wrote:
> On 09/10/15 15:28, VigneshDhanraj G wrote:
>
>> Hi Rowland,
>>
>> I updated samba from 40.25 to 4.1.20, now ftp is not working.
>>
>>
> Very cryptic, why isn't ftp
2005 Apr 11
3
FW: net ads join fails
...ockskew = 300
[domain_realm]
.ELLNET = ELLISONSLEGAL.COM
[realms]
ELLISONSLEGAL.COM = {
kdc = 10.0.0.31
default_domain = ELLNET
kpasswd_server = 10.0.0.31
}
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
Thanks
-----Original Message-----
From: Penny Willisson
Sent: 11 April 2005 14:43
To: 'Gordon Hopper'; 'ernesto.pereirinha@atminformatica.pt'
Cc: Dimitri Yioulos; samba@lists.samba.org
Subject: RE: [Samba] net ads join fails
I have recreated my dns pointers without su...
2008 Mar 12
3
net join fails NT_STATUS_INVALID_COMPUTER_NAME
...DC-1.TQ-NET.DE
}
[domain_realm]
.tq-net.DE = TQ-NET.DE
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = true
retain_after_close = true
minimum_uid = 0
try_first_pass = true
debug = false
}
krb5.conf
kerberos works fine.
2016 Jan 26
2
Samba Hylafax PAM
...information do you want :)
Greetings :)
Marcel
On 18.01.2016 at 11:48, L.P.H. van Belle wrote:
> Hai,
>
> I don't have hylafax running atm, but can you check for the following.
>
> /etc/pam.d/common-account/password/session .. etc. and pam_ldap
>
> Look for any : minimum_uid=1000 if you see that, remove "minimum_uid=1000"
> And what's the UID for user : hylafax
>
> After the changes,
> stop nslcd.
> Restart samba
> Restart hylafax
>
> If needed reboot the server.
> And check again.
>
> This is the first an...
2004 Dec 20
11
winbind problems
...lt_domain = WAYNE.LOCAL
kpasswd_server = adserver.wayne.local
}
[domain_realm]
.WAYNE.LOCAL = WAYNE.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
----------/var/log/samba/log.smbd--------
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system...
2016 Jan 18
0
Samba Hylafax PAM
Hai,
I don't have hylafax running atm, but can you check for the following.
/etc/pam.d/common-account/password/session .. etc. and pam_ldap
Look for any : minimum_uid=1000 if you see that, remove "minimum_uid=1000"
And what's the UID for user : hylafax
After the changes,
stop nslcd.
Restart samba
Restart hylafax
If needed reboot the server.
And check again.
This is the first and only i can think of, it would be handy if above does not work, y...
2020 Sep 29
0
Debian client/workstation pam_mount
...linux domain member (computer) is "adminlinux" that is basically only used when I ssh in for maintenance.
Ok that's good, but what if you can't login with adminlinux? .. that's why I have 2 accounts.
And, kerberos sets :
password        [success=3 default=ignore]      pam_krb5.so minimum_uid=1000            <<< NOTE !!!!
password        [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
password        [success=1 default=ignore]      pam_winbind.so try_authtok try_first_pass
So only minimal UID 1000 is allowed to use kerberos auth.
???...
2016 Jan 19
0
Samba AD/DC, Single-Sign-On, domain users cannot change password
...that it assumed a non-AD Unix user.
In the meantime (before having tried your new script), I did some experimentation and have some
observations that may or may not be useful. I can't help thinking that pam has something to do
with this. My common-passwords is below which, except for the "minimum_uid=1000" bit, is as-installed:
password [success=3 default=ignore] pam_krb5.so minimum_uid=10000
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_...
2017 Jan 19
1
net ads keytab add has no visible effects
...os.server = DOMAIN
.domain = DOMAIN
domain = DOMAIN
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmind.log
Any idea what may be wrong?
2005 Nov 07
1
AD Question
...dc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
Any help is appreciated.
--
Jason Gerfen
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
2008 May 22
4
winbind,ads, win2k3, trusted domains, user mapping
...N.EDU
[loggin]
default = FILE:/var/log/krb5.log
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
The nsswitch.com file:
passwd: compat winbind
shadow: compat
group: compat winbind
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns wins
networks: files
services: db files
protocols: db files
rpc:...
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
...stem»).
Now this is what I do not understand, my understanding is that 'PAM' is
used to find the correct authentication system and 'NSS' just connects
to that authentication system. For instance, in /etc/pam.d/common-auth
I have:
auth [success=3 default=ignore] pam_krb5.so minimum_uid=10000
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
And /etc/nsswitch.conf has these two lines:
passwd: compat winbind
group: comp...