search for: pam_unix

...]: Expected SMBtrans response, got command 0x00 Jun 17 14:51:40 retainer smbd[8922]: [2005/06/17 14:51:40, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1468) Jun 17 14:51:40 retainer smbd[8922]: cli_nt_session_open: pipe hnd state failed. Error was SUCCESS - 0 Jun 17 14:52:01 retainer crond(pam_unix)[13019]: session opened for user root by (uid=0) Jun 17 14:52:01 retainer crond(pam_unix)[13019]: session closed for user root Jun 17 14:53:01 retainer crond(pam_unix)[13062]: session opened for user root by (uid=0) Jun 17 14:53:01 retainer crond(pam_unix)[13062]: session closed for user root Jun 1...

...y was trying to get into server by guessing my password by brute force. what would be the best to stop this attack and how? the server running apache mysql and ftp PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 443/tcp open https 3306/tcp open mysql ... Jan 22 16:07:14 user vsftpd(pam_unix)[17462]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150 Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: check pass; user unknown Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150 Jan 22 16:07:17...

Had two nameservers crash in the last few hours... This 'never' happens! On the console was sent an invalid ICMP type 3, code 3 error to a broadcast: 255.255.255.255 on eth0 sent an invalid ICMP type 3, code 3 error to a broadcast: 255.255.254.255 on eth0 with the IP address of the offender? in front of that line. Any ideas? Best, John Hinton

...PAM and not SSH, but how can I get a solution on this ? sshd is running without problems, no core dump. In /var/adm/messages there is the following output: auth.crit fatal: PAM pam_chauthtok failed[-1]: Unknown error that's all. Is there a workaround (like using a different PAM library and not pam_unix.so) ? Alex

I am seeing lots of these in my logs and there are often a hundered or so imap/dovecat process running. I am running RC Core3. Can anyone shead some light on how to correct this ? Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: check pass; user unknown Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Jun 16 08:38:24 jidmail dovecot(pam_unix)[27657]: check pass; user unknown Jun 16 08:38:24 jidmail dovecot(pam_unix)[27657]: authentication failure; l...

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow >...

...ent pam_opie.so no_fake_prompts #login auth required pam_opieaccess.so login auth requisite pam_cleartext_pass_ok.so #login auth sufficient pam_kerberosIV.so try_first_pass #login auth sufficient pam_krb5.so try_first_pass login auth required pam_unix.so try_first_pass login account required pam_unix.so login password required pam_permit.so login session required pam_permit.so # Same requirement for ftpd as login ftpd auth sufficient pam_skey.so ftpd auth sufficient pam_opie.so no_fake_prompts #ft...

...the logs that the rules are in affect? b: since I installed via Git and ran "make" how to I get wforce --daemon to start on reboot? Is there a systemd file available? c: How do I create a lua policy that would catch these web dovecot login attempts? Feb 27 08:19:53 ourserver auth[15085]: pam_unix(dovecot:auth): check pass; user unknown Feb 27 08:19:53 ourserver auth[15085]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= user at ourserver.ourdomain.edu rhost=177.72.0.158 Feb 27 08:20:35 ourserver auth[15085]: pam_unix(dovecot:auth): check pass; user...

...Tue May 31 23:34:43 EDT 2005 (build 499a3fe287246f2c105501b67e8a146d) Jun 1 19:09:35 linux2 kernel: OCFS2 DLMFS 0.99.10-BETA14 Tue May 31 23:34:43 EDT 2005 (build 499a3fe287246f2c105501b67e8a146d) Jun 1 19:09:35 linux2 kernel: OCFS2 User DLM kernel interface loaded Jun 1 19:10:01 linux2 crond(pam_unix)[2590]: session opened for user root by (uid=0) Jun 1 19:10:01 linux2 crond(pam_unix)[2592]: session opened for user root by (uid=0) Jun 1 19:10:02 linux2 crond(pam_unix)[2590]: session closed for user root Jun 1 19:10:02 linux2 crond(pam_unix)[2592]: session closed for user root Jun 1 19:11:...

...Tue May 31 23:34:43 EDT 2005 (build 499a3fe287246f2c105501b67e8a146d) Jun 1 19:09:35 linux2 kernel: OCFS2 DLMFS 0.99.10-BETA14 Tue May 31 23:34:43 EDT 2005 (build 499a3fe287246f2c105501b67e8a146d) Jun 1 19:09:35 linux2 kernel: OCFS2 User DLM kernel interface loaded Jun 1 19:10:01 linux2 crond(pam_unix)[2590]: session opened for user root by (uid=0) Jun 1 19:10:01 linux2 crond(pam_unix)[2592]: session opened for user root by (uid=0) Jun 1 19:10:02 linux2 crond(pam_unix)[2590]: session closed for user root Jun 1 19:10:02 linux2 crond(pam_unix)[2592]: session closed for user root Jun 1 19:11:...

...uot; failed: Module is unknown Failed password for mesler from 127.0.0.1 port 909 <END SSH OUTPUT> On the user end, the only error I get is : Permission denied, please try again. Here is what the error spits into the logs: Mar 27 14:32:15 tortoise sshd[66176]: adding faulty module: /usr/lib/pam_unix.so Mar 27 14:34:55 tortoise sshd[66380]: unable to dlopen(/usr/lib/pam_unix.so) Mar 27 14:34:55 tortoise sshd[66380]: [dlerror: /usr/lib/pam_unix.so: Undefined symbol "crypt" I have included the 4 PAM entries that came from the $SRCDIR/contrib/sshd.pam.freebsd into my pam.conf file. Thos...

...tc/cron.d among other places yet ever hour my logfile gets touched so to speak with this stuff and i have virtually every daemon shutoff so i am trying to figure out what it is that is doing this and would sincerely appreciate any help. what did i space or forget please? Sep 11 05:01:01 ns1 crond(pam_unix)[27023]: session opened for user root by (uid=0) Sep 11 05:01:01 ns1 crond(pam_unix)[27023]: session closed for user root Sep 11 06:01:01 ns1 crond(pam_unix)[27027]: session opened for user root by (uid=0) Sep 11 06:01:01 ns1 crond(pam_unix)[27027]: session closed for user root Sep 11 07:01:01 ns1...

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aa...

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:25 bsg sshd[32250]: pam_unix(sshd:...

...I am having a small issue with LDAP, and I hope someone here might be able to provide a few tips. I am unable to authenticate as user 'testuser' on server 'storage' and the following errors appear in /var/log/messages on server 'storage' Sep 19 16:56:17 storage sshd(pam_unix)[3124]: check pass; user unknown Sep 19 16:56:17 storage sshd(pam_unix)[3124]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=test-kja1 Sep 19 16:56:17 storage sshd[3124]: pam_ldap: error trying to bind as user "uid=testuser,ou=People,dc=example,dc=local" (Invali...

...n user list in the passwd format, and getent group does the same. I've then set up my /etc/pam.d/login to match the one on the HOWTO. The problem is that when I go to login (username: DOMAIN+user), the workstation won't log me in. My messages log returns only: Feb 19 13:20:46 Martyr gdm(pam_unix)[835]: check pass; user unknown Feb 19 13:20:46 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost Feb 19 13:20:47 Martyr gdm-binary[835]: Couldn't authenticate user Any help is greatly appreciated, and thanks in advance! Khanh Tran Netw...

Hi dovecot, I am using the debian dovecot packages on a system running LDAP. My /etc/pam.d/common-* looks like this, which simply means try /etc/passwd first, and try LDAP using the same password if it is failed. account [success=1 default=ignore] pam_unix.so account required pam_ldap.so use_first_pass account required pam_permit.so auth [success=1 default=ignore] pam_unix.so auth required pam_ldap.so use_first_pass auth required pam_permit.so session [success=1 default=ignore] pam_unix.so session required pam_ldap.so use_first_pass session...

...3.4 template shell = /bin/bash template homedir = /home/%D/%U ;Logging log level = 2 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d common-account: account [success=2 default=ignore] pam_winbind.so account [success=1 default=ignore] pam_unix.so account requisite pam_deny.so account required pam_permit.so common-auth: auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so use_first_pass auth requisite pam_deny.so auth optional pam_mount.so auth required pam_permit.so common-password:...

...key yes /etc/pam.d had the following.  ( all settings are done with pam-auth-update ) samba @include common-auth @include common-account @include common-session-noninteractive common-auth auth    [success=5 default=ignore]      pam_krb5.so minimum_uid=1000 auth    [success=4 default=ignore]      pam_unix.so nullok_secure try_first_pass auth    [success=3 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth    [success=2 default=ignore]      pam_ccreds.so minimum_uid=1000 action=validate use_first_pass auth    [default=ignore]                pam_ccreds...

...:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): priv: 0 (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): cli_pid: 5921 (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): logon name: not set journalctl: May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:auth): unrecognized ENCRYPT_METHOD value [DES] May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost.mydomain.com user=USER May 12 13:16:36 localhost sshd[5917]: pam_sss(sshd:auth): authentication success; logname=...