similar to: still about winbind idmap customization

Displaying 20 results from an estimated 2000 matches similar to: "still about winbind idmap customization"

2011 Oct 27
1
Issue with joing to ADS2003 domain
I have set up LDAP/KRB5 access to my active directory network. If I do a getent passwd, I see the users with a unix UID/GID. If use kinit, I can get a token. If I su to a user, it creates a home folder, and shows correct IDs etc. However the machine will not log in via ssh or the GUI. In secure I see: Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: ccache dir: /tmp Oct 27 11:14:55 rhelads
2019 Jun 15
2
Kerberos and NTLMv2 authentication
Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as
2020 Oct 02
5
Kerberos ticket lifetime
On 02/10/2020 13:24, Jason Keltz via samba wrote: > Hi Louis, > > I had already done that at one point. > > My pam_winbind is already working.? I can SSH to the system, and I get > a proper ticket.? My only issue is that it doesn't refresh the ticket > before expiry when I ssh to a system.? I think I can script around > that and just not rely on winbind to do it.
2005 Aug 29
1
dovecot/Active Directory/KRB client (OT)
Gang, For those who asked about making a Solaris system a Kerberos client to Active Directory, the magic document to have is: http://www.connectathon.org/seam1.0/files/c0101.htm See the section "How to Configure a SEAM Client Using a Windows 2000 KDC". SEAM was Sun's Kerberos client stuff in Solaris 8; it is just there as part of Solaris 9 and 10. These instructions apply if
2005 Mar 21
2
Winbind vs pam_krb5/nss_ldap
Hi all, I am just after some opinions about the pros and cons of winbind compared to the 'standard' kerberos and ldap methods. I've have already got single sign on working with pam_krb5 and nss_ldap (using SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as clients/'member servers', and integration of Samba is the next bit I'm looking at. The impressions
2019 Feb 28
4
[OT?] Kerberos, PAM, NSS: if user does not exist, pam_krb5 try login?
A bit more then a curiosity. Mobing from Samba/NT to Samba/AD i'm now switching some 'one-purpose' (mostly containers) from libpam-ldaps to libpam-krb5. In these box normally i don't need user access, so i create 'manually' (eg, in /etc/passwd) only the admin users, and i add only the PAM layer to do external auth. Still i use ssh keys for direct root access, but as an
2004 Apr 05
5
[Bug 568] Kerberos password auth/expiry kbdint patch
http://bugzilla.mindrot.org/show_bug.cgi?id=568 ------- Additional Comments From michael.houle at atcoitek.com 2004-04-06 06:04 ------- Can someone please enlighten me on whether this kind of code is going to be included in the main development ? I thought this would be handled automatically by the krb5 libraries, so I was suprised to find that password changing doesn't work in the SSH
2013 Jun 30
18
Xen 4.2.2 /etc/init.d/xendomains save and restore of domains does not work
Hello, in the last days I switched from Xen 4.2.1 to Xen 4.2.2 (source from git repository tag 4.2.2) commit a125ec6a4a2f028f97f0bdd8946d347a36dbe76b Author: Jan Beulich <jbeulich@suse.com> Date: Tue Apr 23 18:42:55 2013 +0200 update Xen version to 4.2.2 My "base system" is a debian squeeze. For Xen I use the xl toolstack. Since updating to 4.2.2 the autosave and
2003 Dec 15
1
Solaris Winbind LDAP pam_mkhomedir.so
Dear list, How do I test whether I have access to my winbind LDAP backend from my Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also running Samba 3.0.0. I know winbind works because getent and wbinfo show up my NT users and groups. I would also like to have people log into my Solaris 9 machine with their NT usernames, I have this working on Redhat already but Solaris is
2001 Aug 28
1
OpenSSHd barfs upon reauthentication: PAM, Solaris 8
We've been having trouble with OpenSSH 2.9p2, running on Solaris 8 (a domain of an E10k), with PAM authentication turned on. It intermittently crashes with signal 11 (seg fault) after the password is entered, after the MOTD is displayed, but before control is passed over to the login shell. I eventually managed to persuade sshd's child process to consistently crash, upon entry of an
2003 Sep 05
1
pam_winbind verses pam_krb5
Greetings ... Have a question, was is the advantages of use pam_winbind verses pam_krb5 for Samba user authentaction? I mean, if I point my Linux box Kerberos to a Win2003 AD server, I am able to authenticate my users out of AD, but at the moment still having problems with winbind and nsswitch. Is there an advantage to using pam_winbind instead of pam_krb5? Mailed Lee
2005 Jun 13
2
x86_64 duplicate packages problem with apt
I installed Centos3.4-x86_64 and I notice that I get duplicate packages. i.e. I also notice that the duplate packages exist on the cd install as well. [root at bayamo RPMS]# rpm -qa | grep pam_krb pam_krb5-1.73-1 pam_krb5-1.73-1 when I use apt after downloading from Dag's site it complains about duplicate packages after running apt-get update. I am missing something to get my x86_64
2010 Feb 16
2
pam_mount
Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account
2009 Apr 12
1
ssh_gssapi_check_mechanism fails
Gssapi is failing at the following statement in sshconnect2.c, ok never gets set to 1:: ssh_gssapi_check_mechanism fails /* Check to see if the mechanism is usable before we offer it */ while (mech < gss_supported->count && !ok) { /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 &&
2005 Aug 29
4
Conflict between LDAP and Privilege Separation?
Hi all. OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 on Solaris 8 using host-based authentication. With "PrivilegeSeparation yes" and "UsePAM no" everything works as desired. If I enable PAM, I am able to connect, but just before it gives me a shell, it disconnects. If I leave PAM enabled and disable PrivilegeSeparation, it works. Is this a current limitation, or is there
2020 Jul 09
4
AD Users on Linux Laptop
Hai Rowland, Maybe i didnt understand your reply that well, but why would you change it. All (linux) users have minimum_uid=1000 and start at 1000. All (windows) users (samba) are above minimum_uid=1000 So in my optinion, you should not be needed to change this. Unless your users start below 1000. Also cat /etc/adduser.conf shows ( For Debian/Buster ) # FIRST_[GU]ID to LAST_[GU]ID
2001 Dec 30
1
Extracting the trust account password (for use with Win2k's ktpass)?
Hello, all: My Samba server is a member of a Windows 2000 AD domain. Authentication to the Samba server is, of course, by encrypted NTLM hashes. Authentication to the host itself, which runs Red Hat Linux 7.1, is by NIS (the AD domain controller is running Server for NIS). I want to remove NIS (or at least the passwords from NIS). To accomplish this, I wish to use pam_krb5 to authenticate users
2003 Oct 31
4
Samba and private shares
I'm running samba 2.5 on a FreeBSD box using winbind to do authentication with my PDC/BDC. I'm able to configure shares that everyone on the NT network can access but when I configure private shares (only 1 or 2 users have access to) the users get prompted for a username and password and are not allowed access. What am I doing wrong? Below I have included a copy of my smb.conf and pam.conf
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant