similar to: Locking user accounts

Hi, I have some databases running on CentOS4 with users accessing the shell (bash), so I'd like to strong the security on my server in user's accounts and passwords.. I mean, enforcing strong passwords, min/max age passwords, locking passwords when you fail 3 times, and all this stuff. Is there any package which do this work? Any tutorial? Thanks in advance Regards Israel

Hello, I think to have find a small pb with openssh when a Radius server is unreachable. I use radius authentication with pam my system-auth is the following auth [success=done auth_err=die default=ignore] /lib/security/pam_radius_auth.so try_first_pass debug auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so file=/etc/raddb/radiusfailure auth

Is there any work going on for Samba 2.0.6 in the way of making passwords expire ? Or does anyone know how to do it ? Thanks. Alan.

Hi I am trying to lock users after 3 attempts and then set the timeout before they can log in again. I thought i could achieve this with auth required pam_tally.so deny=3 unlock_time=600 in /etc/pam.d/system-auth but it seems to not be the case - I cant find a working config for this anywhere and i wonder if anyone has one they can share? thanks

Hi Mark and thanks for your soon answer.. I found this excellent guide on internet http://www.puschitz.com/SecuringLinux.shtml... here I could fine all I was looking for about securing my database server running on CentOS.. Regards Israel, >I'm running RHEL 4.6 and am using the features you are looking to >implement. PAM is the direction to look. I have included my

hi, my smb.conf looks like this: ... security = share update encrypted = yes encrypt passwords = no ... /etc/pam.d/samba: #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required

Hi all, I'm using samba with winbind which has been integrated with Active Directory. In the smb.conf file, I have template shell = /bin/bash winbind use default domain = yes to allow ssh but I don't want all the domain users to be able to ssh. Is there a way to only allow for example) domain\ssh_group which is an active directory group to be able to ssh into the server? This is my

Hi All, I am experiencing issues with the use of DBase files on a Samba 2.0.5a share, that appear to be due to locking problems. Basically, I have test programs for both DOS and Win32 that does nothing but append records to a DBase database (DBF/MDX files). If more than one client PC is appending to this file, data loss occurs. I get random data loss, with records lost, and index file

recently we upgraded a bunch of systems to OpenSSH-3.6.1p2. alot of our systems have automated logins for backups or systems checks with ssh-keys, but (i think) as a result of the Openwall/Solar Designer patch, pam_tally is incrementing off the scales. pam_tally is tallying failed logins for keyed-only accounts: attempts are made to authenticate those accounts via password authentication before

Hi, I'm currently using, CentOS release 4.8 (Final) and wanted to update the pam_tally module to support unlock_time. I understand this is only support on centos 5.x and up. What are my options for updating pam_tally to support unlock_time, can I simply download and update from a centos repo or should I compile pam. I would appreciate some suggestions. paul -------------- next part

Thank you for your reply. Below are the entries for winbind I have in my smb.conf. Do you see any problems with them? # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 10000 to 20000 for domain users winbind uid = 10000-20000 # user gids from 10000 to 20000 for domain groups winbind gid = 10000-20000 # allow enumeration of winbind users

List, I am unable to log into a terminal using Winbind service. I have the login file correctly modifyed and nsswitch too. I have the 2.2.5 version of SAMBA with the new winbind. SAMBA shares work great, so I think it is something else. I get this error in the messages log: Jul 9 11:46:01 alblinux sshd(pam_unix)[5463]: check pass; user unknown Jul 9 11:46:01 alblinux sshd(pam_unix)[5463]:

I am new to samba. I followed the docs on samba.com to configure samba as "domain member", security = domain, and to user winbind to authenticate users against windows 2003 AD. well, my question is the steps mentioned the use of PAM to do the authentications against the AD but it doesn't work - do I also need to configure kerberos for this type of installation? [root@itbox john]#

Hi all, I was wondering if someone could lend a little assistance. I recently setup SAMBA/Winbind to allow users to login to a Redhat 8 box using their Windows NT Domain credentials. All is working well in that regard. The issue I am having is getting regular UNIX based users to be able to login. The following is my PAM configuration. For example, if I try to login as root, it does not work.

Hello, I am have some interesting problems with the pam_winbind portion of samba 3.1. wbinfo -u and getent passwd works but when I login I get the following messages in /var/log/messages. Jan 5 11:09:36 hermes pam_winbind[9014]: write to socket failed! Jan 5 11:09:36 hermes pam_winbind[9014]: internal module error (retval = 3, user = `CSQ+shane' Jan 5 11:09:36 hermes PAM_pwdb[9014]: check

Hello guys, I have a Linux Box win R.H 7.2; I have compiled samba2.2.2 but I don't find the library pam_winbind.so. Someone can help me. Thanks, Dadi

Hello all, I have a samba 2.2.1a server running as the PDC of my network on a Mandrake 8.0 system with a reiserFS partition. I am serving for the win98 clients a small DOS clipper program with a DBF database. The programs run well on the workstations when there is only one user using it, when another user try to use the same program it starts to get very slow. I think this is a lock

Hi, I built rpm from openssh-2.5.1p1 srpm on redhat 6.2, then installed it. When trying to ssh from other machine, sshd gives error: ..... Feb 20 17:54:24 foo PAM_pwdb[925]: (login) session opened for user doe by LOGIN(uid=0) Feb 20 17:55:15 foo sshd[1342]: Connection closed by 192.168.0.3 Feb 20 17:55:43 foo sshd[1343]: PAM unable to dlopen(/lib/security/pam_stack.so) Feb 20 17:55:43 foo

This is more of a pam question then a samba question, but I thought I'd start here and see if I can get an answer. I've gotten pam_winbind.so working with gdm (on RHAT 8) using the following /etc/pam.d/gdm file. I've put + signs to show the lines I added I added to the stock RHAT 8 gdm pam def.: #%PAM-1.0 + auth sufficient /lib/security/pam_winbind.so + auth

I've installed SAMBA, Winbind etc and everything is working great for users to login with GDM using DOMAIN+username Although this is working, now I can no longer login as a generic Linux user (ex. root). The following is my GDM file from /etc/pam.d/gdm I wonder if someone might have a suggestion as to what it's missing to allow Linux users to login? #%PAM-1.0 auth required