similar to: Attacking Dovecot

Dears, We have a mail server (RHEL 6.0, Postfix and Dovecot 1.0.7). The output of dovecot -n is the following: # 1.0.7: /etc/dovecot.conf protocols: pop3 login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/pop3-login mail_location: mbox:~/mail:INBOX=/var/mail/%u mail_executable: /usr/libexec/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/pop3

**Unmatched Entries** gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user 9 gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving

It seems there was some kind of attack against dovecot on my server (CentOS-5.5) with a hundred or so logwatch entries like: ========================================= **Unmatched Entries** dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user admin dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user webmaster

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12

Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this? Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in

Thanks to Anthony Ciarochi at Centeris for this solution. I have a Centos (Red Hat-based) server that is now accessible to AD users AND local users via ssh. I can control which AD groups can login using the syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite different than Debian's "include" based pam.d, cat /etc/pam.d/sshd #

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

Ive recently installed three servers with RHEL5u5. After some messing on the original, I got samba working with ADS authentication. I then went and got it working so that users could log in using their domain name & password to the box. I got this working with both no restriction, and ADS group restriction. I have left it on no restriction wheil I get these systems up and running. I then

Dear All, Is it possible to make any authorization (eg. checking of group membership) in case of GSSAPI authentication? Our dovecot authenticates the users against PAM and GSSAPI. In the PAM file I'm able to check if a user is a member of a selected (e.g mailreader) group. If the user is member, he can login otherwise not (see below). If the user has a valid Kerberos ticket and he

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login: Aborted

passwd: Authentication token manipulation error smbpasswd: machine 127.0.0.1 rejected the password change: Error was : Wrong Password best regards [FACILITY/btombul at samba ~]$ passwd Changing password for user FACILITY/btombul. Changing password for FACILITY/btombul (current) NT password: New password: Retype new password: passwd: Authentication token manipulation error [FACILITY/btombul at

Hi, The default system-auth file for PAM on CentOS has the following auth section: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so What's the use of the pam_succeed_if line? It will only be reached if the pam_unix doesn't succeed and from

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

This seems to be common thread on the list, but I'm pulling my hair out and have to ask.. I've been following a couple of guides and using AD to authenticate users on my linux system. These include the ubuntu guide -- https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto - https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member -

Hello, I?m trying to use winbind to allow my AD users to logon to our linux computers. I?m using FC6 and Samba 3.0.23c-2. I have several problems: 1. When I start linux machine and immediately ofter logging in I try to check trust secret by running wbinfo -t I receive this error: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)

I have removed use_auhtok from /etc/pam.d/system-auth and now passwd is "kind of" working... I am still able to login with my old password and the new one also. But only on the linux servers that are authenticating through LDAP. On my workstation only the old password (the one I was trying to change through passwd(ssh)) works. I have noticed that my user now has a userPassword

Hi, I am setting up ctdb samba, and have hit a brick wall trying to solve the following issue. 1. getent does not retrieve the list of domain users or groups (wbinfo works fine) I'm not sure what I'm missing but I've almost spent the whole day trying to resolve this one and haven't made any progress :-( Any help or suggestions are appreciated My configuration is