similar to: cron breaking when enabling ldap

Hi I have configured a machine to authenticate against LDAP. When I log onto the box using the newly created user I see a LDAP search request for every user that exist in the directory. If I have only 20 users even a 100 that is not a problem but when I start going to 10000 users I start getting some weird errors and timeouts because of the time it takes to download the data to the client. I

Hi al.I have a problem with pam.d authentication rules. I searched on google and modified my system-auth file.Bu some rules does not works properly my system-auth like below: -------------------------- auth required pam_env.so auth required pam_tally.so onerr=fail per_user deny=3 auth sufficient pam_unix.so md5 nullok try_first_pass auth requisite

Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba. Here is my /etc/pam.d/samba file: auth required pam_winbind.so debug account required pam_access.so account sufficient pam_winbind.so debug account include system-auth session include system-auth session required pam_winbind.so debug My

I just realised that pam_access no longer works under CentOS6 - or it works differently from CentOS5. Under CentOS5, I used this configuration to restrict access to root only: # cat /etc/security/access.conf + : root : ALL - : ALL : ALL # cat /etc/pam.d/system-auth-ac ... account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using

Hi all, I've had this error rear it's ugly head again and I'm not exactly sure why. The output in /var/log/message is: crond[14764]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14765]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14811]: pam_loginuid(crond:session): set_loginuid failed opening loginuid

Short version: Why does my domain member server create a sambaDomainName entry in LDAP? Long Version: I have created a Domain Member Server for a "NT4 style" Samba domain with an LDAP backend. It is a print server, running Winbind (because it solved a group SID mapping problem and an 'invalid SID' error in syslog), and it works fine in all other respects, but this: After

Hi Mark and thanks for your soon answer.. I found this excellent guide on internet http://www.puschitz.com/SecuringLinux.shtml... here I could fine all I was looking for about securing my database server running on CentOS.. Regards Israel, >I'm running RHEL 4.6 and am using the features you are looking to >implement. PAM is the direction to look. I have included my

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the

hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only

Hi, I've stumbled upon this problem while trying to limit access to specific machine to specific domain users. I did it by setting Samba to obey PAM restrictions, and then using the pam_access PAM module ('account' clause) to do user validation (described below). On Win2000, this works fine - if an unauthorized user tries to login, Win2000 says 'Account not permitted to

Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this? Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across. When I do a listing of a share directory that should have user and group ownership determined by LDAP, I get the uidNumbers and

Hi folks, I want to restrict root access via ssh to certain (internal) hosts. That is what pam_access.so is for, I thought, so I configured: in /etc/security/access.conf I added (nothing in there before): + : root : 192.168.123.0/24 10.72.0.0/16 - : root : ALL in /etc/pam.d/ssh I added at the end: account required pam_access.so Then I restarted the ssh server. Basically, this kinda works.

I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've previously installed a similar configuration on RHEL4, but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations are a little different. Currently, local users and groups are showing up but not LDAP users. When I do a /getent passwd/ and/getent group/ I don't get LDAP users. When I do

Good Day, I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows : * Windows 2008 RC2 * RHEL 5.9 * Windows 7 * Windows XP SP3 * Samba 3.0.33-3.39.el5_8 All machines, including the RHEL Server having been added to the Domain running on the Windows 2008 RC2 Server. As per the subject, when trying to connect, from XP or Win 7, to the shares I

the new cron in 4.2 activates the pam access module. if you have been using that to control ssh access or other things, now suddently cron is going to use it as well. this only seems to affect user crontabs and crontabs in /etc/cron.d. from some digging around i was able to determine that cron sets the tty to 'cron', so you can just add a line like: +:ALL:cron to

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {