Displaying 20 results from an estimated 21 matches for "quiet_success".
2015 May 08
4
ldap host attribute is ignored
.../system-auth:
-----------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 200 quiet_success
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
auth required pam_env.so
auth optional pam_gnome_keyring.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 2000 quiet
account...
2015 May 11
2
ldap host attribute is ignored
...em-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 200 quiet_success
> auth sufficient pam_sss.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 2000 quiet
> account [default=bad success=ok user_unknown=ignore] pam_s...
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 11
0
ldap host attribute is ignored
...]
[ssh]
My /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 200 quiet_success
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 2000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required...
2015 May 11
0
ldap host attribute is ignored
...em-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 200 quiet_success
> auth sufficient pam_sss.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 2000 quiet
> account [default=bad success=ok user_unknown=ignore] pam_s...
2014 Oct 29
1
samba ssh change password Error was: Wrong password
...------------------
password-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unkn...
2017 May 09
2
ssh not connecting to Active Directory in Fedora 25 workstation, wbinfo -u works; child_read_request: read_data failed: NT_STATUS_CONNECTION_RESET
...ameserver y.y.y.y.
nameserver x.x.x.x
/etc/pam.d/password-auth-ac:
auth required pam_env.so
auth [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid <...
2015 May 09
0
ldap host attribute is ignored
...-------
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 200 quiet_success
> auth sufficient pam_sss.so use_first_pass
> auth required pam_deny.so
> auth required pam_env.so
> auth optional pam_gnome_keyring.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if....
2019 Jan 10
1
vsftpd rejects users set to nologin
More digging (now that I have a better handle on how to ask the question)
reveals this bug against documentation and release notes for 7.6 to alert
updaters about this breaking change for vsftpd:
https://bugzilla.redhat.com/show_bug.cgi?id=1647485
The last comment there, #15 by "Roy":
> For a workaround to vsftpd login failures that doesn't expose your system
> to the
2019 Apr 17
0
FYI: C 7, broken cron, sort of SOLVED
...required pam_deny.so
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >=
1000 quiet
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
<...>
and the other where it belongs, as the last auth line.
This is clearly a bug in the code, as pam_deny.so should ONLY be the
*last* line in the auth stanza.
We've replicated this on an RHEL workstation, and then put a ticket in.
The... odd reply (so far) was that they weren't g...
2020 Jul 28
0
kerberos ticket on login problem
...e is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth??????? required????? pam_env.so
auth??????? required????? pam_faildelay.so delay=2000000
auth??????? sufficient??? pam_unix.so nullok try_first_pass
auth??????? requisite???? pam_succeed_if.so uid >= 1000 quiet_success
auth??????? sufficient??? pam_winbind.so cached_login use_first_pass
auth??????? required????? pam_deny.so
account???? required????? pam_unix.so broken_shadow
account???? sufficient??? pam_localuser.so
account???? sufficient??? pam_succeed_if.so uid < 1000 quiet
account???? [default=bad success=...
2015 Nov 03
4
ssh authentication with AD
..." block)
common-auth
# /etc/pam.d/common-auth - authentication settings common to all services
#
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >=1000
quiet_success
auth sufficient pam_winbind.so user_first_pass
auth required pam_deny.so
# /etc/pam.d/common-password - password-related modules common to all
services
#
password requisite pam_cracklib.so
try_first_pass retry=3 type=
p...
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2017 May 09
0
ssh not connecting to Active Directory in Fedora 25 workstation, wbinfo -u works; child_read_request: read_data failed: NT_STATUS_CONNECTION_RESET
....x
>
> /etc/pam.d/password-auth-ac:
> auth required pam_env.so
> auth [default=1 success=ok] pam_localuser.so
> auth [success=done ignore=ignore default=die] pam_unix.so
> nullok try_first_pass auth requisite pam_succeed_if.so uid
> >= 1000 quiet_success auth sufficient pam_sss.so
> >forward_pass
> auth sufficient pam_winbind.so cached_login use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_localuser.so
> account s...
2015 Nov 04
0
ssh authentication with AD
...# /etc/pam.d/common-auth - authentication settings common to all services
> #
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >=1000
> quiet_success
> auth sufficient pam_winbind.so user_first_pass
> auth required pam_deny.so
>
> # /etc/pam.d/common-password - password-related modules common to all
> services
> #
> password requisite pam_crackli...
2019 Apr 11
0
LMTP, PAM session and home directory autocreation
...User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss....
2019 Apr 09
0
LMTP, PAM session and home directory autocreating
...User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [default=1 success=ok] pam_localuser.so
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss....
2017 May 09
2
ssh not connecting to Active Directory in Fedora 25 workstation, wbinfo -u works; child_read_request: read_data failed: NT_STATUS_CONNECTION_RESET
...am.d/password-auth-ac:
>> auth required pam_env.so
>> auth [default=1 success=ok] pam_localuser.so
>> auth [success=done ignore=ignore default=die] pam_unix.so
>> nullok try_first_pass auth requisite pam_succeed_if.so uid
>>> = 1000 quiet_success auth sufficient pam_sss.so
>>> forward_pass
>> auth sufficient pam_winbind.so cached_login use_first_pass
>> auth required pam_deny.so
>>
>> account required pam_unix.so broken_shadow
>> account sufficient pam_localus...
2015 May 07
2
ldap host attribute is ignored
Thanks a lot for looking over the config.
I am at the topic "user data is available"
id <username>
and
getent passwd
and
ldapsearch -x -b "ou=XXX,o=YYY" uid=<username>
give the correct results
ldapsearch gives also the correct host attribute i have set in the ldap
server.
Regarding the manpage of sssd.conf the lines
access_provider = ldap
ldap_access_order =
2020 Jul 29
1
kerberos ticket on login problem
...# User changes will be destroyed the next time authconfig is run.
> auth??????? required????? pam_env.so
> auth??????? required????? pam_faildelay.so delay=2000000
> auth??????? sufficient??? pam_unix.so nullok try_first_pass
> auth??????? requisite???? pam_succeed_if.so uid >= 1000 quiet_success
> auth??????? sufficient??? pam_winbind.so cached_login use_first_pass
> auth??????? required????? pam_deny.so
> account???? required????? pam_unix.so broken_shadow
> account???? sufficient??? pam_localuser.so
> account???? sufficient??? pam_succeed_if.so uid < 1000 quiet
> acc...