Displaying 20 results from an estimated 3000 matches similar to: "Question about pam_winbind"
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi.
I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server. If I were to add "require_membership_of" to pam_winbind to
limit logins and shut out the users I don't want, would it also have the
side effect of denying those users access to the shares as well?
Regards,
2003 Jun 13
1
Dovecot configuration with passwd-file
I have tried to configure dovecot to use passwd-file authentication and I
haven't been able to. I changed the following in the dovecot.conf file (I
want to have all the mailboxes in one directory):
default_mail_env = maildir:/opt/mail/%u
auth_userdb = passwd-file /etc/passwd.imap
auth_passdb = passwd-file /etc/passwd.imap
auth_verbose = yes
It gives me the following error (I hoped it would be
2003 Jun 12
1
Debian and dovecot
I have Debian 3.0 (woody) and installed the dovecot packages and it works ok
with the default configuration. I want to change the default configuration,
is any of this possible?
a) I don't want to create accounts for each user, can I have a mailboxes
directory with the mailboxes of all the users? They are not many (10-15).
b) The authentication right now is done through PAM, the
2009 Nov 12
2
Looking for AIX Users of Winbind -- Authorization and SSH Problems
Hi all,
I've got Samba with Winbind working on AIX 5.3 and 6.1 fairly well with
Active Directory 2003. In fact, I'd say short of 2 very important services,
it's working almost perfectly. Unfortunately, these 2 services are quite
critical, and without them I'm afraid we'll have to resort to some sort of
proprietary identity solution like Novell, which I'm not crazy about.
2008 Jan 03
1
require_membership_of being ignored?
Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS
network.
I've decided to use pam_mkhomedir to have the fileserver automagically create
their home when they first log in. But we don't want everyone to log in, just
the members of the AD group filesurfer-users.
The problem: Regardless of what I put as a require_membership_of= in the samba
pam file, any domain
2017 Mar 13
1
pam_winbind with trusted domain
Hi,
I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL.
If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of
2008 Aug 06
1
winbindd behaving oddly
Hello folks,
Been beating my head with winbind and pam just behaving oddly. I have followed
various HOW-TOs, wikis, and docs, and just can't seem to get past a wall. Here are
some of the issues:
- the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' in the logs. Here's
an exact snippet:
Aug 6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd):
2017 Dec 01
2
Restricting AD group logging on to Servers
> -----Original Message-----
> From: Rowland Penny [mailto:rpenny at samba.org]
> Sent: 01 December 2017 17:40
> To: samba at lists.samba.org
> Cc: Roy Eastwood
> Subject: Re: [Samba] Restricting AD group logging on to Servers
>
> On Fri, 1 Dec 2017 17:06:42 -0000
> Roy Eastwood via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> > I have a
2013 Jan 24
3
require_membership_of is ignored
I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user.
The problem is, I can log on as any AD user.
require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in.
I've put this option in both
2008 Jan 23
0
strange issues with pam_winbind and sudo
I have two issues, potentially related, potentially not. First
off, a bit about my environment:
I am experiencing the same issues on two boxes, one of which is
running red hat linux ES 4 update 6 i386, the other running red hat
enterprise linux server release 5.1 x86_64 . Both appear to be
running samba 3.0.25b, both are members of an active directory
domain . There are 7 domain controllers in
2007 Apr 04
1
Issue with pam_winbind for MS AD authentication and moduleoptions
Hello!
passwd, shadow and group looks as follows in nsswitch.conf:
passwd: files winbind
shadow: files
group: files group
What really confuses me is that when my AD server is up and running,
root or any local user logs in with no problem.
And even when AD server is down, after trying a zillion times, root and
other local users login, and then if I log them out and try again a few
minutes
2017 Dec 01
2
Restricting AD group logging on to Servers
Hi,
I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba Wiki to allow AD users
to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins
group and made some test users members of the group.
Initially I tried to restrict access by modifying /etc/security/access.conf
2013 Nov 28
4
SSH - Winbind and Keybased Auth
Hi Team,
We have a weird issue that we are trying to understand. We have winbind set up and working successfully for user authentication with passwords via ssh. We have pam.d/system-auth-ac and password-auth-ac (symlinked) set to require membership of a group which works great via password authentication.
However, if the user has a ssh key set up, they seem to bypass the group membership
2013 Aug 22
1
Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"
Okay, so I have an Active Directory server running on Windows Server 2012 Standard
I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly.
I am able to login with my Active Directory users credentials.
When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.
2020 Jun 16
2
Samba as a domain member:
Yes:
# getent group GROUP
group:x:17573:
# getent group group2
group2:x:11010:
# getent group GROUP3
group3:x:21178:
# wbinfo --group-info GROUP
group:x:17573:
# wbinfo -n GROUP
S-1-5-21-948789634-15155995-928725530-7573 SID_DOM_GROUP (2)
2010 Feb 05
1
/etc/ldap.conf pam_filter
Hi,
we use an openldap server / samba as domain controller for our
windows/linux workstations. On a specific server, login should only
be allowed, if the certain user is member of a group (let's call this
group "login"). All the users in the domain are members of the group
"Domain Users". Therefore their primary gid is not the login-group's gid.
How can I make the
2007 Apr 04
1
Issue with pam_winbind for MS AD authentication and module options
Hello!
I've configured samba with winbind and pam_winbind module to
authenticate users that connect to my linux box against MS AD.
Works like a charm. If a user exists both in AD and locally, login
should assume local users. Again, it works pretty well (It seems at
least with my current config).
If my AD server goes down for any reason, local users should be able to
login. For example, root
2020 Jun 17
1
Samba as a domain member:
Nice call. It almost worked except for a small error in 'man
pam_winbind' -- DOMAIN\\GROUP should actually be DOMAIN\GROUP in the
pam.d file.
Now, I'm a bit confused.
The pam module 'pam_winbind' is from the Samba suite.
OpenVPN is just passing on the authentication decision to Samba.
However, I was expecting to just use the group name without the domain
name since I have
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH. The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2006 Sep 29
0
pam_winbind causing local user login failures on 3.0.23c ... and a couple of other things
All,
I'm currently running a CentOS 4.4 x86_64 server and wanted to have
single-signon for Active Directory users on my domain. CentOS 4.4 comes
with Samba 3.0.10-1.4E.9, which ends up filling my logs with messages
related to the BUILTIN users/groups. I have a few local user accounts on
the server for testing, etc.
Since issues related to winbind and BUILTIN users/groups have recently been