search for: sufficient

...include postlogin session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 /etc/pam.d/system-auth: ----------------------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 200 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so auth required pam_env.so auth optional pam_gnome_keyring.so account require...

...cieve a acount failure: Jul 4 13:29:59 clusterix1 pam_winbind[9688]: user 'patrikg' granted acces Jul 4 13:29:59 clusterix1 login[9688]: login account failure: Permission denied The values in pam.conf for winbind is: login auth required /usr/lib/security/pam_winbind.so other auth sufficient /usr/lib/security/pam_winbind.so login account sufficient /usr/lib/security/pam_winbind.so other account sufficient /usr/lib/security/pam_winbind.so login session sufficient /usr/lib/security/pam_winbind.so What have I missed ? /Patrik -- "In a world without fences who n...

...Failed for user root! I am making the uneducated assumption that my problem is not with samba but it is with PAM? If anyone could help me with this problem it would be greatly appreciated!!! Thanks, Jeff Meyer The smb.conf and pam.conf files that I am using are below. pam.conf login auth sufficient pam_skey.so login auth sufficient pam_opie.so no_fake_prompts #login auth required pam_opieaccess.so login auth requisite pam_cleartext_pass_ok.so #login auth sufficient pam_kerberosIV.so try_first_pass #login auth sufficient pam_krb5.so try_fi...

IT WORKS!!! I can telnet, ftp, rsh... to my Samba 3.0.1 box (Solaris 9 sparc) here is (at the end) my pam.conf (in case somebody is interested in) The trick is commenting "other accound... winbind..." string in pam.conf! My English is corrupted wnen i'm full #other account sufficient /usr/lib/security/pam_winbind.so.1 Thanks Andrew Barlett! and since now i just LOVE SAMBA :) (BTW, samba 3.0.1 and 3.0.2rc tested on solaris 9 and worked OK!) Sincerely yours, Mike bash-2.05# cat /etc/pam.conf # #ident "@(#)pam.conf 1.20 02/01/23 SMI" # # Copyright 1996-20...

.../krb5kdc/kdc.conf #[appdefaults] # pam = { # debug = false # ticket_lifetime = 36000 # renew_lifetime = 36000 # forwardable = true # krb4_convert = false # } =============================================================================== in pam:d : auth-config #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so auth required /lib/security/$ISA/pam_stack.so service=system-auth service=system-auth #auth required /lib/security/pam_securetty.so #auth required /lib/security/pam_nologin.so #auth sufficient /lib/security/pam_winbind.so #auth...

...ative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth sufficient pam_dhkeys.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_dial_auth.so.1 login auth sufficient /usr/lib/security/pam_winbind.so.1 debug try_first_pass # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin au...

...ntries: 1 I think the issue might be with PAM, because comparing all files I can think of doesnt point me to any differences except /etc/pam.d/ system-auth The LDAP server 'storage' has WINBIND turned on, as follows: auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$I...

...t; > [pam] > > [sudo] > > [autofs] > > [ssh] > > > > My /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 200 quiet_success > auth sufficient pam_sss.so use_first_pass > auth required pam_deny.so > > account required pam_unix.so broken_shadow > account suffi...

...PAM: cleanup % Again, If I move my public key out of the way and try to log in with a password it works fine. Since it mentions my PAM configuration, here's my /etc/pam.conf file: login auth requisite pam_authtok_get.so.1 login auth required pam_unix_cred.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_krb5.so.1 login auth sufficient pam_ldap.so.1 # dtsession auth sufficient pam_unix_auth.so.1 dtsession auth sufficient pam_krb5.so.1 dtsession auth sufficient pam_ldap.so.1 # # rlogin serv...

Dear list, How do I test whether I have access to my winbind LDAP backend from my Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also running Samba 3.0.0. I know winbind works because getent and wbinfo show up my NT users and groups. I would also like to have people log into my Solaris 9 machine with their NT usernames, I have this working on Redhat already but Solaris is

...no writeable = yes [sarg] comment = sarg report files path = /usr/report username = domain-name.username browsable = yes read only = no #public = yes printable = no writeable = yes Pam.conf auth required pam_nologin.so no_warn auth sufficient pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth suffi...

...ibdefaults] default_realm = DNAME.LOCAL [realms] DNAME.LOCAL = { default_domain = kdc = nvautil01.DNAME.local: admin_server = nvadom01: } [domain_realm] dname.local = DNAME.LOCAL pam.d directory samba file [root@solar samba]# more /etc/pam.d/samba #%PAM-1.0 auth sufficient pam_krb5afs.so account sufficient pam_krb5afs.so auth sufficient pam_winbind.so account sufficient pam_winbind.so session sufficient pam_krb5afs.so password sufficient pam_krb5afs.so auth required pam_unix.so account required pam_unix.so s...

...protocols: files rpc: files services: files netgroup: files publickey: nisplus automount: files aliases: files nisplus /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/* /*/*/*/*/* nsswitch.conf /*/*/*/*/*/* #%PAM-1.0 auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_winbind.so...

...SA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth required pam_winbind.so login auth requisite pam_authtok_get.so.1 debug #login auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass debug login auth sufficient pam_dhkeys.so.1 debug login auth sufficient pam_unix_auth.so.1 debug login auth sufficient pam_dial_auth.so.1 debug #login auth sufficient /usr/lib/security/pam_winbind.so.1...

...ot; in pam.d which is quite different than Debian's "include" based pam.d, cat /etc/pam.d/sshd # ---------------------------------------------------------------------- #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_succeed_if.so user ingroup sshlogin account sufficient pam_succeed_if.so user ingroup wheel password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so session sufficient pam_mkhomedir.so s...

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient...

...ync = false workgroup = MYDOMAIN server string = %h server (Samba %v) syslog = 0; guest account = nobody load printers = yes For what it's worth, my /etc/pam.d/samba file is as follows: auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_winbind.so use_first_pass auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient /lib/security/pam_winbind.so use_first_pass password...

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

...Accordint to the Samba3 HOWTO this should return me info's for users in the domain... What am I doing wrong ? Furthermore I went through this ordeal to allow domain users to authenticate with ssh. So I've modified the the /etc/pam.conf file like this (settings for ssh) : sshd auth sufficient pam_skey.so sshd auth sufficient pam_opie.so no_fake_prompts #this line is added by me sshd auth sufficient /usr/local/lib/pam_winbind.so #sshd auth requisite pam_opieaccess.so #sshd auth sufficient pam_kerberosIV.so...

...yes idmap config AES: backend = rid template shell = /bin/bash winbind use default domain = Yes winbind offline logon = Yes idmap config AES : range = 100000 - 900000 cups options = raw pam settings: auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so cached_login use_first_pass auth required pam_deny....