Displaying 20 results from an estimated 2000 matches similar to: "cron breaking when enabling ldap"
2010 Oct 26
1
Every user in LDAP queried when one user logs on.
Hi
I have configured a machine to authenticate against LDAP. When I log onto the box using the newly created user I see a LDAP search request for every user that exist in the directory. If I have only 20 users even a 100 that is not a problem but when I start going to 10000 users I start getting some weird errors and timeouts because of the time it takes to download the data to the client.
I
2008 Oct 27
0
system-auth on CentOS 5.2
Hi al.I have a problem with pam.d authentication rules.
I searched on google and modified my system-auth file.Bu some rules
does not works properly
my system-auth like below:
--------------------------
auth required pam_env.so
auth required pam_tally.so onerr=fail per_user deny=3
auth sufficient pam_unix.so md5 nullok try_first_pass
auth requisite
2006 Nov 21
1
Samba selectively obeying pam restrictions
Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba.
Here is my /etc/pam.d/samba file:
auth required pam_winbind.so debug
account required pam_access.so
account sufficient pam_winbind.so debug
account include system-auth
session include system-auth
session required pam_winbind.so debug
My
2012 Oct 10
1
CentOS6 and pam_access
I just realised that pam_access no longer works under CentOS6 - or it works
differently from CentOS5.
Under CentOS5, I used this configuration to restrict access to root only:
# cat /etc/security/access.conf
+ : root : ALL
- : ALL : ALL
# cat /etc/pam.d/system-auth-ac
...
account required pam_access.so
account required pam_unix.so
account sufficient pam_localuser.so
2010 Apr 16
1
offline logon in 3.4.7-58
Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3.
It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server.
When disconnected and
2007 Sep 15
1
Cron set_loginuid failed opening loginuid errors.
Hi all,
I've had this error rear it's ugly head again and I'm not exactly
sure why. The output in /var/log/message is:
crond[14764]: pam_loginuid(crond:session): set_loginuid failed
opening loginuid
crond[14765]: pam_loginuid(crond:session): set_loginuid failed
opening loginuid
crond[14811]: pam_loginuid(crond:session): set_loginuid failed
opening loginuid
2006 Nov 29
1
pam_access not working?
Hi,
I am having a strange problem, where I cannot get pam_access to work as
intended. I have placed the following line in /etc/pam.d/system-auth
account required /lib/security/pam_access.so
Then, in /etc/security/access.conf, I have put the following line:
-:mok:10.14.44.104
I.e. I should prevent myself from logging on from host 10.14.44.104.
However, when I try to log on (using
2008 Jan 26
3
Member Server creates sambaDomainName LDAP entry
Short version:
Why does my domain member server create a sambaDomainName entry in LDAP?
Long Version:
I have created a Domain Member Server for a "NT4 style" Samba domain
with an LDAP backend.
It is a print server, running Winbind (because it solved a group SID
mapping problem and an 'invalid SID' error in syslog), and it works fine
in all other respects, but this:
After
2008 Feb 04
0
RE: Strong security in user's accounts and paswords..[SOLVE]
Hi Mark and thanks for your soon answer.. I found this excellent guide
on internet http://www.puschitz.com/SecuringLinux.shtml... here I could
fine all I was looking for about securing my database server running on
CentOS..
Regards
Israel,
>I'm running RHEL 4.6 and am using the features you are looking to
>implement. PAM is the direction to look. I have included my
2008 Feb 04
1
Strong security in user's accounts and paswords..
Hi, I have some databases running on CentOS4 with users accessing the
shell (bash), so I'd like to strong the security on my server in user's
accounts and passwords.. I mean, enforcing strong passwords, min/max age
passwords, locking passwords when you fail 3 times, and all this stuff.
Is there any package which do this work? Any tutorial?
Thanks in advance
Regards
Israel
2010 Feb 18
7
Augeas pam.d argument checking
I''m trying to change the password complexity requirements in
pam.d/system-auth using augeas. I can append the values (lcredit=-1,
ucredit=-1, etc) onto the correct place, but if another value is
already present (i.e. lcredit=-2), the onlyif match statement doesn''t
seem to support checking regular expressions inside of strings. How do
I check that any numeric value exists in the
2003 Nov 07
2
samba + user/host authentification
hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for
authentification in network with wfw-, winnt-, w2k-clients. everything works
fine.
because not every client has the same configuration (same progs, same
path's, hardware...), i got problems, if a user dosn't login from his
ordinary workstation, his roaming-profile doesn't work fine.
now, how can i force users only
2002 Jun 03
1
WinXP allows login to expired/forbidden accounts
Hi,
I've stumbled upon this problem while trying to limit access to specific
machine to specific domain users. I did it by setting Samba to obey PAM
restrictions, and then using the pam_access PAM module ('account' clause)
to do user validation (described below).
On Win2000, this works fine - if an unauthorized user tries to login,
Win2000 says 'Account not permitted to
2013 Feb 15
1
Problem with User and Group Ownership listing
I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've
previously installed a similar configuration on RHEL4 using smb 3.0 but
CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the
configurations cannot be moved straight across.
When I do a listing of a share directory that should have user and group
ownership determined by LDAP, I get the uidNumbers and
2012 May 31
1
Tangential Issue: idmap backend = ad and Active Directory 2008R2
Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this?
Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in
2009 Mar 20
1
pam_access.so restrictions not working - syntax errors?
Hi folks,
I want to restrict root access via ssh to certain (internal) hosts.
That is what pam_access.so is for, I thought, so I configured:
in /etc/security/access.conf I added (nothing in there before):
+ : root : 192.168.123.0/24 10.72.0.0/16
- : root : ALL
in /etc/pam.d/ssh I added at the end:
account required pam_access.so
Then I restarted the ssh server.
Basically, this kinda works.
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've
previously installed a similar configuration on RHEL4, but CentOS now
uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations
are a little different.
Currently, local users and groups are showing up but not LDAP users.
When I do a /getent passwd/ and/getent group/ I don't get LDAP users.
When I do
2013 Jun 19
1
"The account is not authorized to login from this station"
Good Day,
I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows :
* Windows 2008 RC2
* RHEL 5.9
* Windows 7
* Windows XP SP3
* Samba 3.0.33-3.39.el5_8
All machines, including the RHEL Server having been added to the Domain running on the Windows 2008 RC2 Server.
As per the subject, when trying to connect, from XP or Win 7, to the shares I
2005 Oct 21
0
a gotcha with cron and 4.2
the new cron in 4.2 activates the pam access module. if you have been
using that to control ssh access or other things, now suddently cron is
going to use it as well. this only seems to affect user crontabs and
crontabs in /etc/cron.d. from some digging around i was able to determine
that cron sets the tty to 'cron', so you can just add a line like:
+:ALL:cron
to
2009 Mar 02
31
Using Augeas type to update sshd_config's AllowGroups
Hey gang,
I seem to be having a brain disconnect on how to get the Augeas type to
manage things that have multiple values (i.e. an Augeas tree) via Puppet.
If I run this in augtool:
augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser
augtool> save
I see this in /etc/ssh/sshd_config:
AllowGroups sshuser
However, if I try this in an Augeas type:
augeas {