Displaying 20 results from an estimated 100 matches similar to: "apache, apache's mod-auth-pam, and pam_winbind : no nested groups"
2006 Feb 10
0
problem using 'winbind nss info =' statement
When winbind is configured without the 'winbind nss info =' statement
(i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs),
the following works fine:
# cd ~detertj
# getent passwd detertj
detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash
but when i try to make winbind use sfu for the mapping of SID ->
UID/GID, username lookups are
2004 Feb 09
0
Samba authentication against an NT group in Apache
We would like to have our Apache Linux-based web server use our
existing NT domain to authenticate some of our web pages. We are using
the Apache module mod_auth_pam to use pam-based authentication and
then the winbind pam module to do the actual authentication.
We have gotten to the point where we can authenticate using NT
_users_, but we have not been able to authenticate using _groups_. For
2003 Oct 16
0
Apache auth failing for Active Directory group members
On my web server, I have a .htaccess file set up to restrict access to a
folder for specific Active Directory users. The Active Directory domain is
imaginatively called "AD". Using 'require user ad\brian.cochrane' in
.htaccess works great. 'require group "ad\domain users"' also works.
However, 'require group "ad\_it"' does not work. The
2003 Oct 17
0
[Fwd: Apache auth failing for Active Directory group members]
I sent this message to the list yesterday, but I believe it was before I had
fully joined the list...so I'm not sure if it got through. My apologies if
this is a repeat.
On my web server, I have a .htaccess file set up to restrict access to a
folder for specific Active Directory users. The Active Directory domain is
imaginatively called "AD". Using 'require user
2006 Jan 20
0
can't map drive to WinXP client from v3.0.21 w. security=ads
new installation of samba v3.0.21 on debian. Joined the samba box to an
ActiveDirectory domain.
Can enumerate users/groups with wbinfo run locally on the samba box.
Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux.
Can create new files via 'put' cmd within smbclient.
Can login remotely to samba box with ssh client on linux box.
Can _NOT_ map a drive to samba
2001 Apr 23
1
win2k domain-less client failing to authenticate when securit y=domain
Hi Jonathan,
Yep, samba sends the domain name as well as the username to the domain
controller, and what I think happens is the NT controller sees that the
domainname passed is NOT his domain, checks his list of trusted domains,
doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
the netbios name of the win2k client machine? I'm not real clear on how
this
2004 Mar 10
0
Samba authentication against an NT group in Apache
Hi,
I have exactly the same problem with my web server ...
Linux/redhat 9.0 / kernel 2.4.20-20.9.1 (+ Acl patches)
Samba 3.0.2a / compiles with winbind and Acl options
Apache 2.0.40 / with mod_auth_pam 2.xx included
Authentication to samba share from a windows workstation using Acl + winbind
+ "Nt domain groups" works fine.
But I gave some problems when I want to use NT domain
2006 Mar 24
2
Basic Auth in WEBrick
Yo all,
All I want to accomplish at this moment in time is simple password
protection around a rails application in development using WEBrick on
a custom port. Just one account would be fine.
I have done an extensive Google hunt for an example, but I all find
are code chunks for starting WEBrick such as:
realm = "Gnome realm"
start_webrick {|server|
htpasswd
2011 Jun 06
1
RCurl and kerberos
Dear list,
I would like to call a Kerberos-authenticated web-service from within R.
Curl can do it:
$ curl --negotiate -u : "http://my.web.service/"
so I would expect that RCurl also has the capability, but I have not been able to find the correct options to set.
listCurlOptions() does not return anything with negotiate, and searching the source of RCurl, the only thing I found was
2001 Apr 23
0
win2k domain-less client failing to authenticate when security=domain
Hello,
I've got a linux box running smbd & nmbd versions 2.0.6 with security = DOMAIN,
and an NT4 box as the password server. The sole domain controlled by that NT4
box is named "MSOE". All is well with win98 clients. However, Win2k clients
that are not part of an NT domain, but simply belong to a "workgroup" named "MSOE",
are unable to authenticate. The
2009 Feb 04
1
Idmap + LDAP + winbind: our first BDC - doubts about idmap ranges and winbbindd + Idmap dn
Hi,
My doubt is about Idmap + LDAP + winbind, related do BDC + PDC. We
are using Samba 3.0.33 (Slackware 12.0.0).
Our layout is almost like this one
http://us1.samba.org/samba/docs/man/Samba-Guide/images/chap6-net.png,
but we have more BLDGn than this example.
Actually, we are taking ideas from
http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html
and from
2006 Apr 27
2
winbind nss info = sfu is not so much working
with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
by using winbind for authentication as well as for the source of nss info.
When winbind is configured to use its own local id maps, everything
works fine.
But when i configure winbind to use 'ad' as the source of nss info,
authentication fails, 'getent' commands return no results, and
'wbinfo -r
2006 Feb 08
1
winbind can see some groups but not others
Hello,
I followed the steps at
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
for adding a v3.0.21a samba and winbindd server to a MsAD domain and
configuring nsswitch.conf to find passwd and group info from winbind.
This seems to have worked out fine, except that I can't 'see' or
'recognize' certain groups via getent or via wbinfo -g.
E.g. I can see the
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
I'm setting up a dedicated database server, and since this will be a
central service to my various web servers I wanted it to be as secure as
possible...so I am leaving SELinux enabled. However I'm having trouble
getting Apache to use mod_auth_pam. I also now can't get setroubleshootd
working to send me notifications of the denials and provide tips to solve
the problem.
The Apache
2006 Aug 10
1
winbind: group name doesn't map to a SID, but gid does
I'm using winbind v3.0.22 on Debian Linux as a source for nss info.
I have a group that was once known by winbind, but is no more:
------ beging shell except ------
# ls -ld ./
drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./
#
------ end shell except ------
It must have been known, as I was the one who chgrp'ed the dir
originally.
I know what the group name is
2010 Jul 13
2
Setting apache's maxclients higher than 256 in CentOS
Hi,
I could not find any reference if the version of apache compiled for centos
5.x has support for more than 256 clients in apache's maxclients.
If that is not the case how can I recompile the package with such support?
Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2006 Jan 18
1
ADS valid users can't map a share to 3.0.21
I've got samba v3.0.21 on server 'RELIANT' with security=ADS
I want MsWin XP clients, that have logged into Microsoft AD domain
'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without
having to authenticate again. I haven't been able to do so. Here's
what happens:
the XP client doesn't prompt for authentication (which is good,
2006 Jan 31
1
windbind, 'template homedir', and macros
I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes
to auth against MsA.D. and get all their user info from MsA.D.
I recently discovered that winbind can accomplish the same without
Mssfu, as long as I'm content to be limitted by the winbind config
directives 'template shell' and 'template homedir'. I'd like to drop
sfu if I can.
The 'template
2006 Apr 28
1
smb.conf(5) manpage suggestion re. idmap backend
suggestion for minor improvement of the smb.conf manpage in the context
of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says:
Finally, using the idmap_ad module, the UID and GID can directly be
retrieved from an Active Directory LDAP Server that supports an
RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
2006 Jul 18
1
winbind periodically does 44 extraneous lookups, causing 10-15 second lag
The setting is Debian with winbind v3.0.22. The pertinent bit of
winbind configuration is as follows:
winbind nss info = sfu
idmap backend = ad
winbind enum groups = yes
winbind cache time = 1800
The problem is that once in a while, typically when either:
a) an ls command is given for the 1st time in a login shell
session
or