search for: mod_auth_pam

...indd_cm.c:set_dc_type_and_flags(1654) set_dc_type_and_flags: domain STARTREK is running active directory. I now want to allow the apache web server (running on the same machine as samba) to utilize winbind to authenticate users with domain credentials. I have installed and configured apache with mod_auth_pam. When I access a protected website I get a login box but it doesn't allow me to login with my domain user/pass. The apache log gives the following error: [Sat May 10 22:47:20 2008] [error] [client 192.168.1.48] PAM: user 'matt.humrick' - not authenticated: User not known to the underly...

Is there a way to coax java services running under tomcat to use the system authentication methods set up through PAM? In my case, this would be users in the local passwd file or through smb to a windows domain. I've added mod_auth_pam to get this effect with apache but would like to also handle java web services. -- Les Mikesell lesmikesell at gmail.com

Hi, I have exactly the same problem with my web server ... Linux/redhat 9.0 / kernel 2.4.20-20.9.1 (+ Acl patches) Samba 3.0.2a / compiles with winbind and Acl options Apache 2.0.40 / with mod_auth_pam 2.xx included Authentication to samba share from a windows workstation using Acl + winbind + "Nt domain groups" works fine. But I gave some problems when I want to use NT domain groups to restrict web access to web directory ... only single user autorization works fine but ... never wit...

Setting up a new backuppc for a small group of device and I am running centos 5.4 with winbind setup and working. Everything is working and I would like the users to authenicate using their AD creds and was wondering what folks are using to do that with apache 2.2 and centos 5.4. I know about mod_auth_pam but that seems pretty dead so I was just wondering what folks were using and whats the easiest to setup. Any pointers to any how to's would be appreciated...Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/atta...

...cal passwords where a local account is needed for real logins (but either the domain or local password will work) and web services don't require a local account. That's most of the functionality I want and it doesn't take pre-arrangement with the AD administrator, but I have to glue mod_auth_pam into httpd and I'm not sure how to duplicate it for java web services. Is there a way to use an LDAP proxy in a similar way so I can add accounts of my own but also accept anything from one or more AD's? Or some better approach entirely? -- Les Mikesell lesmikesell at gmail.com

I have some services on Centos5 boxes that use smb authentication against the Windows domain as a low-maintenance way to handle most of our office users for things that don't need home directories (web/file shares, etc.). Running authconfig is all it takes to add it to PAM, then adding mod_auth_pam to apache makes it work with that and local users. This all works without any particular involvement with the Windows group or administrative access there. Is there a better way to do this on C6 that does not involve 'joining' the windows domain? And is there a way to make samba (C5 or 6...

...up for Centos5 vs. earlier verions? I have servers configured to use SMB authentication against a Windows domain controller so I don't have to deal with separate passwords. That still works the same for users that actually have local accounts. However, on some machines I also build the mod_auth_pam module for apache and use an /etc/pam.d/httpd file like: #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_permit.so The 'account' line is supposed to let anyone in, even if they don't have any local account info so everyone with a domain...

...authenticate a user? In smb.conf I have specified the names of all NT BDCs and PCD but it didn't change performance. And in pam.d/samba I have only auth and account required pam_winbind.so One more thing, does anybody have any hints on how to have Apache authenticate against samba? I installed mod_auth_pam but all users get denied. Thanks again! Luiz-Robertto Mello

We would like to have our Apache Linux-based web server use our existing NT domain to authenticate some of our web pages. We are using the Apache module mod_auth_pam to use pam-based authentication and then the winbind pam module to do the actual authentication. We have gotten to the point where we can authenticate using NT _users_, but we have not been able to authenticate using _groups_. For example, we can restrict a web page so that only the NT user "...

...0 User proftpd Group nogroup Umask 022 022 AllowOverwrite on PersistentPasswd off # This is required to use both PAM-based authentication and local passwords AuthOrder mod_auth_pam.c* mod_auth_unix.c AuthPAMConfig proftpd AuthPAM On TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log <IfModule mod_quotatab.c> QuotaEngine off </IfModule> <IfModule mod_ratio.c> Ratios off </IfModule> <IfModule mod_delay.c> D...

....0.0.1[127.0.0.1]): dispatching LOG_CMD command 'PASV' to mod_log Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): Client session idle timeout, disconnected Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS at mod_auth_pam.c:173 Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS: ID switching disabled Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): RELINQUISH PRIVS at mod_auth_pam.c:207 Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48...

Hello Samba, I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. The domain has three (main) groups: - students - teachers - spaced users My Samba.conf has the following shared directories defined: [teachers] comment =

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache service has this directive on the default vhost, ------------------- <Directory "/usr/share/phpMyAdmin"> AuthPAM_Enabled on A...

...conf into the chroot allows pam_env to # work at session-end time (http://bugzilla.redhat.com/477120) VRootEngine on DefaultRoot ~ !adm VRootAlias etc/security/pam_env.conf /etc/security/pam_env.conf # Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c # If you use NIS/YP/LDAP you may need to disable PersistentPasswd PersistentPasswd off # Don't do reverse DNS lookups (hangs on DNS problems) UseReverseDNS off # Set the user and group that the server runs as User nobody Group nobody # To prevent DoS attacks, set...

...'PASS (hidden)' to mod_log ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth ftp.csdsinc.com (192.168.1.158[192.168.1.158]) - FTP session closed. * /usr/sbin/proftpd -l | sort | grep auth* mod_auth.c mod_auth_file.c mod_auth_pam.c mod_auth_unix.c *Proftpd Ver:* /usr/sbin/proftpd -l | sort | grep auth mod_auth.c mod_auth_file.c mod_auth_pam.c mod_auth_unix.c

Hello, I have a suggestion which might be a small and very useful project for a C coder (I'm not one!). As Dovecot makes its authentication interface available to other programs, I think that an Apache module to use it would be very useful. Currently I share an passwd-db file between Dovecot and Apache. However with Apache that means I have to give Apache read access. That means that

I am looking into the best way to integrate active directory user authentication and authorisation in to Apache. So far I have a working LDAP solution that requires the username/password to be entered and a Kerberos setup that is transparent to the user but with no authorisation. Searching the net seems to only find commercial offerings which offer true password less integration between AD &

Greetings, I'm attempting to use an NT PDC to authenticate users on restricted areas of an apache website. I have RedHat 8.0 with samba, winbind, mod_auth_pam, apache, etc. Everything seems to be working fine with the following exception: When I change from --require valid user-- to --require group "DOMAIN+GROUP NAME"--, It appears that winbind is not able to recognize the user as a member of the domain group. The error in the apache error lo...

Greetings, I'm attempting to use an NT PDC to authenticate users on restricted areas of an apache website. I have RedHat 8.0 with samba, winbind, mod_auth_pam, apache, etc. Everything seems to be working fine with the following exception: When I change from --require valid user-- to --require group "DOMAIN+GROUP NAME"--, It appears that winbind is not able to recognize the user as a member of the domain group. The error in the apache error lo...

...winbind (pam_winbind to be specific)[I think!]. I have a Dell server with RH 7.3 preinstalled. I have it successfully authenticating against a PDC with my pam_winbind.so stuff in /etc/pam.d/system-auth.(auth sufficient /lib/security/pam_winbind.so, etc.) All seems ok. I've added the Apache mod_auth_pam module and set /etc/pam.d/httpd to use system-auth for its authentication. IT ALL WORKS GREAT!(for a while) Unfortunately, after a while, I'm not sure if its time related or burden related, pam_winbind will begin rejecting logins and /var/log/messages says: pam_winbind[29506]: read from sock...