similar to: Select pam module for select users

Someone on the pam mailing list suggested I try my question here. In our pam.d/imap we have: account required pam_permit.so auth sufficient pam_winbind.so try_first_pass Authentication for imap works fine with this. If we switch to : account sufficient pam_winbind.so for the first line, then logins using their AD password fail. We also have a non-AD ldap

Hi ya'll- I've got this odd openssh problem with Solaris 10 I was hoping someone could shed some light on. Not sure if it is a bug... Basically I'm trying to use pubkeys as an auth method, but am having issues. I can log in using passwords no problem, but as soon as it notices a matching public key it closes the connection. I ran the sshd server (on Solaris 10 box) in debug

Hello Andrew, I'm a little stuck with my login authentication for my Samba 3 box. With the new features in Samba 3 - Should I be able to provide username@domain & password at login that would authenticate me against our W2K ADS PDC and obtain my kerberos ticket? Please advise on the suggested way to authenticate against our Active Directory domain at login if I'm way off base on

Hi, I've configured opie (one time passwords) under FreeBSD and I came across the following problem. It looks like libpam does not stop the authentication process when a 'requisite' module fails. I find this strange as the pam 'requisite' is defined in the man pages as: requisite - failure of such a PAM results in the immediate termination of the authentication process; Here

Hi, I'm trying to integrate an existing linux environment with a Windows AD environment. All my users are already in AD with valid rfc2307 attributes defined so I need a way to authenticate my users using username, uid, gid, shell and homedirectory from AD. I've been using Kerberos+LDAPs before but that requires a dummy AD user hardcoded with username and password in /etc/ldap.conf

Hi all I'm actually trying to setup an AD authentication on linux workstations. - I've setup an windows AD 2003 server, which work fine. - I've setup linux redhat 4 enterprise server (used as a workstation for the moment) - On the redhat, I already have setup smb.conf, krb5.conf, nsswitch.conf, pam.d/login, pam.d/system_auth. I have pasted all these files below. ==> I get

Hello, having spent many hours scouring archives, docs, books and googling without finding an answer I need to ask your help on this. running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users can login to the share from windows clients but the same users is denied access when connecting from OS X via GO/Connect To Server in format smb://fqdnofserver user authentication is to active

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

Hi there Could you also join your krb5.conf and your pam.d/login files ? I also have the same kind of problem, and I just would like to see differences between our configurations ... Thanks for reading ! Bertram >From: Markus Klimke <m.klimke@tu-harburg.de> >To: samba@lists.samba.org >Subject: [Samba] User problem (samba, w2k3) >Date: Thu, 29 Apr 2004 13:00:53 +0200 >

Hello, This is my first post and it is to consult about an issue I am having. Here is the error I get in my logs: dovecot-auth: pam_krb5[22949]: error resolving user name 'mike' to uid/gid pair dovecot-auth: pam_krb5[22949]: error getting information about 'mike' If I use kinit to authenticate it works with no problems. Any ideas on the issue above..? Thanks..! Here is the

I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've previously installed a similar configuration on RHEL4, but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations are a little different. Currently, local users and groups are showing up but not LDAP users. When I do a /getent passwd/ and/getent group/ I don't get LDAP users. When I do

Hi, I have a simple setup with pam modules to use kerberos authentication (heimdal kdc) for various services, i.e. ssh/scp/sftp, ftp and others. I would like to connect my standalone smbd (no AD membership) to this system, but have problems to force smbd to use pam. local smbpasswd works spnego + kerberos works with a ticket but pam modules are not accessed at all In my test setup, local samba

Hi Everybody, We are working on samba 3.0.2a with sun kerberos SEAM and Netscape iDirectory Server support. We are able to integrate samba with ldap support. we tried integrater kerberos for authentication. We found a solution using pam via pam_krb5 module provided by the sun solaris 8. One important fact we found out using samba pam authentication, it directly calls for an account

Has anyone gotten Active Directory user passwords changed from a Linux (Ubuntu 8.04) client? I used https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so I'm using Kerberos and Winbind (all apt-get). Samba version is 3.0.28a with a Windows Sever 2008 R2 DC, but running AD 2003 native. The client box is an LTSP box, and I'm able to ssh in with AD accounts.

IT WORKS!!! I can telnet, ftp, rsh... to my Samba 3.0.1 box (Solaris 9 sparc) here is (at the end) my pam.conf (in case somebody is interested in) The trick is commenting "other accound... winbind..." string in pam.conf! My English is corrupted wnen i'm full #other account sufficient /usr/lib/security/pam_winbind.so.1 Thanks Andrew Barlett! and since now i just LOVE SAMBA

I?ve stumbled across a rather obscure problem with ssh. My machine is setup to use Kerberos authentication, i.e., I use the pam_krb5 module in the ssh auth section of the PAM configuration file and I have sshd compiled to accept valid Kerberos 5 tickets as well. I also use OpenAFS, so I?ve got the pam_openafs_session module in the ssh session section of the PAM configuration file. Everything

I'm working on a PAM setup that will ignore winbind/AD completely for users listed in /etc/passwd, and do the samba thing for all other users. Mostly it seems to work, but there's one weird side-effect. For non-AD users (only), an AD group "BUILTIN+users" is being added as a secondary group. If I kill winbind, it still gets added, although only the gid is available (no name).

Hmm, marco, logname=admin uid=0 euid=0 << no no.. Uid=0 ? Thats not good, root = uid 0 User setup example. Linux: Root uid 0 LinuxAdmin uid doest not matter as long within range of (see /etc/adduser.conf) FIRST_UID=1000 LAST_UID=59999 Administrator is mapped through /etc/samba/smb.conf ( usermapping) And that Admin of you, is probley migrated of ldap to AD, execpt now its not allowed

Hi I'm trying to get winbindd work with authentication for other services. Winbindd works fine in samba. I get these errors using rlogin from another server to sun10. Oct 31 08:26:11 sun10 pam_winbind[26694]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER Oct 31 08:26:11 sun10 pam_winbind[26694]: internal module error (retval = 4, user = `tommyf' Supported

Hi, I have successfully setup a Solaris 8 server that allows Windows AD Users to login to it (through winbind). The problem is that ALL such users can now do so. Is there a way to control which users are allowed to login while others are denied access? I have tried adding valid users = user and deny to specific users via invalid users = user It's not working. One more