Displaying 17 results from an estimated 17 matches for "pam_check_host_attr".
2007 Sep 06
0
[Resolved] Found a way of allowing pam_ldap users (with pam_groupdn or pam_check_host_attr restrictions), AND allowing local root authentication, without pam_unix.so taking presense due to getpwent() returns ldap-users
Hi,
I've been trying to get LDAP ssh authentication to work for a while, and
I found a bug (http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/116150) in
pam_unix.so, that breaks support for ldap-group/host-restrictions the
ldap-way.
I saw numerous emails about pam_groupdn-ldap-restrictions on the
mailing lists dating back to 2001, but no resolution
2015 May 05
6
ldap host attribute is ignored
...ored. Any ldap
user, independent from the host attribute, still can log in.
What could be the reason? (googling around did not lead me to a solution).
The cache is already flushed.
Here is my configuration:
/etc/openldap/ldap.conf contains the line:
------------------------------------------
pam_check_host_attr yes
/etc/sssd/sssd.conf:
--------------------
[sssd]
config_file_version = 2
services = nss, pam, autofs
domains = default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the or...
2015 May 05
0
ldap host attribute is ignored
On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
> /etc/openldap/ldap.conf contains the line:
> ------------------------------------------
> pam_check_host_attr yes
/etc/openldap/ldap.conf is the configuration file for openldap clients.
It is not used for system authentication or name service.
> 'pam_check_host_attr yes' is in /etc/openldap/ldap.conf. /etc/ldap.conf
> is a softlink to that file.
Those two files have completely differ...
2015 May 05
4
ldap host attribute is ignored
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> ------------------------------------------
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuration file for openldap clients.
> It is not used for system authentication or name service.
>
>> 'pam_check_host_attr yes' is in /etc/openldap/ldap.conf. /etc/ldap.conf
>> is a softlink to that file.
>
> T...
2010 Jul 27
2
Samba LDAP ignores group information
...hadowMax: 9999
Here's /etc/ldap.conf
base dc=example,dc=com
uri ldapi:///127.0.0.1
uri ldap://127.0.0.1
ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw mysecret
rootbinddn cn=admin,dc=example,dc=com
scope sub
bind_policy soft
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=people,dc=example,dc=com?sub
nss_base_passwd ou=computers,dc=example,dc=com?sub
nss_base_group ou=groups,dc=example,dc=com?sub
And the smbldap.conf:
SID="S-1-5-21-158730468-2379596502-3695168017"
sambaDomain="R...
2015 May 05
0
ldap host attribute is ignored
...chine in
> their ldap host attribute.
>
> My problem is, that this host attribute seems to be ignored. Any ldap
> user, independent from the host attribute, still can log in.
>
> What could be the reason? (googling around did not lead me to a solution).
>
>
Try to set 'pam_check_host_attr yes' in /etc/ldap.conf.
--Regards
Ashishkumar S. Yadav
2015 May 12
0
ldap host attribute is ignored
...k apart from username and password check -
otherwise I would not have been able to log in.
The question is why doesn't it perform these checks.
Just to repeat: My sssd.conf contains
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
I read something about "pam_check_host_attr" in /etc/ldap.conf. But this
does not help in my /etc/openldap/ldap.conf (already tested).
Any idea is still welcome.
With kind regards, ulrich
On 05/12/2015 07:45 PM, Gordon Messmer wrote:
> On 05/12/2015 06:25 AM, Ulrich Hiller wrote:
>>
> I have set logging in sssd to 9...
2007 Oct 09
1
nscd segfaulting on centos 4.5
Does anyone know if there is a fix for nscd segfaulting after a short period of time?
Googling for it came up with one result that suggested deleting the files in
/var/db/nscd, but that didn't help. Another result was about runaway processes, which
is not the problem I'm having.
They are x86_64 boxes.
output from /var/log/messages
Oct 9 12:56:38 lyra kernel: nscd[11660]: segfault at
2009 Jun 29
2
CentOS and Redhat Directory Server
I have implemented LDAP on CentOS successfully using Redhat's Directory
Server and the great how-to on the CentOS wiki.
Being new to LDAP, I have a question and maybe one of you guys can point
me in the right direction: I have LDAP implemented on the network for
logins to the workstation pcs. I also have an apache website that I now
use LDAP for authentication. What I want, however, is
2010 Jul 30
0
Slow with some applications
..."
dos charset = UTF-8
unix charset = UTF-8
== ldap.conf ==
base dc=example,dc=com
uri ldap://127.0.0.1
ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw mysecret
rootbinddn cn=admin,dc=example,dc=com
scope sub
bind_policy soft
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=people,dc=example,dc=com?sub
nss_base_passwd ou=computers,dc=example,dc=com?sub
nss_base_group ou=groups,dc=example,dc=com?sub
== slapd.conf ==
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/...
2006 Nov 06
1
Samba with AD
...tscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overridden by v...
2015 May 12
3
ldap host attribute is ignored
On 05/12/2015 06:25 AM, Ulrich Hiller wrote:
>
> I have set logging in sssd to 9:
7 might be good enough for what you want to find. I added this to
domain/default section:
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
debug_level = 7
/var/log/sssd/sssd_default.log logged the following for one user which
had no "host" attribute, and was
2015 May 06
2
ldap host attribute is ignored
...[autofs]
When I stop the sssd daemon, no login at all is possible. But when I
start sssd, again login is successful, independently from what I write
into ldap_access_order and ldap_user_authorized_host (if I don't commit
syntax errors). I also tried with ldap_access_filter and inserting
"pam_check_host_attr yes" into ldap.conf.
Still the same: When username and password are correct, the host
attribute is ignored.
Is there another config file I have to edit?
With kind regards, ulrich
On 05/05/2015 11:43 PM, Gordon Messmer wrote:
> On 05/05/2015 11:14 AM, Ulrich Hiller wrote:
>> On...
2005 Apr 21
0
Problem with groups & joining domain.- LDAP
...cape Directory Server)
# pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
# pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check...
2009 Mar 04
0
Can anyone comment on my setup?
...tscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check...
2005 May 05
2
Fwd: Follow Up - Problem with groups & joining domain.- LDAP
...cape Directory Server)
# pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
# pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check...
2005 Jun 22
2
Problem Connecting from Windows to Samba-OpenLDAP PDC
...tscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check...