similar to: [Bug 1215] sshd requires entry from getpwnam for PAM accounts

Hello, I have the following problem: I have installed openssh-1.2.2 on FreeBSD 3.4-RELEASE. I intentionally did not took the FreeBSD port because it does not support PAM. My aim is to make sshd authenticate against a TACACS+ server using the pam_tacplus.so module shipped with FreeBSD. That works perfectly with this line in my /etc/pam.conf: login auth sufficient pam_tacplus.so

Hi, I am trying to get Openssh 5.5p1 to work with TACACS+. I have the TACACS + PAM module compiled on Ubuntu. I have compiled SSH --with-pam. When the user is defined in /etc/passwd, the SSH authentication to the TACACS+ server takes place successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server and it denies authentication. I am trying

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

I've been trying to figure out the proper way of doing this, but haven't stumbled across it yet. For example, I want to give a windows group write access to a share. [share] write list = XXX Should X be in the format of: @DOMAIN\Group DOMAIN\Group 'DOMAIN\Group' What about groups like Domain Users which have a space in the domain name? 'DOMAIN\Domain Users'? Myabe

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to

http://bugzilla.mindrot.org/show_bug.cgi?id=1215 Summary: sshd requires entry from getpwnam for PAM accounts Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1215 Matt Joyce <matt.joyce at cloudscaling.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matt.joyce at cloudscaling.com --- Comment #13 from Matt Joyce <matt.joyce at cloudscaling.com> ---

abrams:~# kinit admin@CORP.TCC.INET This seems to work just fine. abrams:~# net ads join "TwinCities\TTAGS\SERVERS" [2004/12/28 18:52:20, 0] libads/ldap.c:ads_add_machine_acct(1475) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- CORP [2004/12/28 18:52:23, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password

http://bugzilla.mindrot.org/show_bug.cgi?id=1215 ------- Comment #3 from vadud3 at gmail.com 2006-10-02 04:00 ------- (In reply to comment #2) > Created an attachment (id=1171) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1171&action=view) [edit] > make sshd handle when getpwnam doesn't know about the user but PAM does > > Updated patch (against 4.3p2). Leaks

Hi All, is there an RPM for it for CentOS.? I tried "yum install tacacs+" but got nothing. I also checked dags repo and found nothing. Cheers. Mark Sargent.

Hi, I am Vishwanath, I got one requirement from our clients regarding remote authentication. In which all users info present in remote user database. Currently using openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these

https://bugzilla.mindrot.org/show_bug.cgi?id=1215 --- Comment #12 from Aaron Smith <soccergeek76 at gmail.com> 2008-10-15 16:19:59 --- Created an attachment (id=1574) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1574) Debug output of accounting failure I am trying to use patches 1171, 1298, and 1300 in conjunction with the pam_radius library. Authentication works fine, but

https://bugzilla.mindrot.org/show_bug.cgi?id=1215 Brad Huntting <huntting at glarp.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |huntting at glarp.com --- Comment #21 from Brad Huntting <huntting at glarp.com> --- In most environments

Is there any working solution to proxy tacacs+ to radius server? (it can be commercial too?) I found this old project: http://portal-to-web.de/tacacs/, but it is a bit antique? -- Eero

Hello, I'm seeing syslog messages "bleed" from the host and other LXC into the messages, maillog, secure logs of other LXCs. I'm using libvirt 1.0.0 on a host with systemd and kernel 3.9.10. Each LXC is running an older non-systemd linux distribution Is this a known issue? Is there a work around? Thank you for you time, Jim -- James R. Leu | Director of Technology | INOC

I've implemented a patch to openssh which allows the PAM auth layer to detect if the PAM stack has changed the user name and then adjusts its internal data structures accordingly. (imagine a PAM stack that uses individual credentials to authenticate, but assigns the user to a role account). First, is the openssh community interested in this patch? Second, if there is interest in the patch,

I checked most samba 4 related posts and couldn't fine the answer. Is there any targeted date for samba4 to become stable? thanks, Ying

This is my first venture into the world of Samba 3. I have a Win2003 AD domain in native mode (no Win2000, NT4 domain controllers.) My samba server successfully joined the domain. The problem I'm having is when I try to access shares on the samba server from a windows client, I get a Username/Password prompt. Giving my AD username/password doesn't work. Tried all variations of my