similar to: Authenticating a linux samba client to a win2k domain

Hello crew, I'm having troubles with authenticating a linux samba client to a win2k domain. Without creating local users I want to be able to log on using a user and pass valid only in the windows domain. Somehow I seem to be stuck on the last part: /var/log/samba/log.winbindd [2008/01/14 16:22:12, 0] lib/util_sid.c:string_to_sid(242) string_to_sid: Sid S-0-0 is not in a valid

Hi List, I am trying to get authentication to Dovecot with a Yubikey OTP. I have the PAM modules installed and can successfully authenticate to ssh with the Yubikey, so I am confident that the network level and Yubikey configuration is correct. I can also authenticate to Dovecot via PAM using a plain password, however when I try to use the Yubikey authentication with Dovecot things don't

Hi! Can you attempt to get core dump with debugging symbols with dovecot too? Currently it seems to only contain symbols from kerberos bit, which is not very useful on it's own. Aki > On 12 February 2018 at 17:34 Ben Woods <woodsb02 at gmail.com> wrote: > > > Hi everyone, > > I have a repeatable core dump when running dovecot on FreeBSD in the > specific

I've got a Solaris 8 and 9 box using LDAP to successfully authenticate users. I can get logged in via ssh using keyboard interactive (via PAM/LDAP). When I try to use pubkey authentication, both the pubkey as well as the fallback to keyboard interactive always fail. I've tried openssh versions as early as 3.4 and as new as the 11-06 snapshot with the same behavior. Everything works

Greeting- I have a mixed network of ms-windows, macintosh and freebsd systems. I am setting up a FreeBSD 9.0 system as a PDC using samba. I can from a FreeBSD box attach to the SMB server as a user that is defined on the Samba Server. [wynkoop at dt0 ~]$ smbclient -L hp1 Enter wynkoop's password: Domain=[HARAPARTNERS] OS=[Unix] Server=[Samba 3.6.4] Sharename Type

Hello, I have a login form on /login.php which POSTs to /dorf1.php when access is granted and to /login.php when it is denied. require ''rubygems'' require ''mechanize'' agent = WWW:Mechanize.new() login = agent.get("http://server/login.php") form = login.forms.action("dorf1.php") form.fields[2].value = "wronguser" # login

Hi everyone, I have a repeatable core dump when running dovecot on FreeBSD in the specific scenario described below. Dovecot is linked against MIT kerberos in /usr/local/lib/, whilst PAM is linked against Heimdal in /usr/lib/. My expectation was that dovecot authentication using GSSAPI would use MIT kerberos in /usr/local/lib, whereas PAM authentication is independent from dovecot and would

Hi Sapan! See the Vol 13 Digest MSG 34 of 28 Jan 04: here it is: --------------- IT WORKS!!! I can telnet, ftp, rsh... to my Samba 3.0.1 box (Solaris 9 sparc) here is (at the end) my pam.conf (in case somebody is interested in) The trick is commenting "other accound... winbind..." string in pam.conf! My English is corrupted wnen i'm full #other account sufficient

Everyone, We are currently seeing a very strange problem on our server. Everything will be running along smoothly and then all of a sudden, nobody will be able to login. Looking through the logs reveals the following messages... Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): pam_winbind_request: read from socket failed! Apr 24 10:55:15 LINUX-1 httpd2-prefork:

This is the second attempt at sending this. Apologies for any duplicates. I've got Winbind up and running to authenticate our users against our AD and to save kerberos tickets. I have used the "winbind refresh tickets = yes" setting expecting this to renew these kerberos tickets before they expire. This does not appear to work. Gnome will pop up a dialog box saying that the

Hi Mike, Thanks for replying! I have tried that but I still have the same problem. I think that PAM is doing its job, I've set up logging so that everything in pam.conf logs to /var/log/pamlog. In pamlog I see "user 'ganguly' granted access". There is something else that is stopping this working, I just can't see what it is. Any ideas? -----Original Message-----

We've discovered that although Winbind supports password changes when the account password is expired, this only works with *interactive* shells. This is a major problem for us. Use case 1: SSH tunnels: $ ssh user2@localhost -N -L 4711:localhost:22 user2@localhost's password: <trying to use the tunnel> channel 2: open failed: administratively prohibited: open failed As you can

Greetings, I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind authentication against a Windows 2003 server. I've run kinit and net join successfully, and can wbinfo -u, -g, and -t successfully, as well as getent passwd and getent group successfully. I can even use passwd to change domain user passwords. However, when I try to log in via gdm, ssh, or even su, I do not

Hi Chris, Were you able to solve this. Regards, David. Greetings, I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind authentication against a Windows 2003 server. I've run kinit and net join successfully, and can wbinfo -u, -g, and -t successfully, as well as getent passwd and getent group successfully. I can even use passwd to change domain user passwords. However,

Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as

I've been stuck on this one for days and can't seem to find anything referencing the same problem; help would be greatly appreciated. I have a functioning Samba 3.5.4-63 installation acting as a PDC - users can log in from Windows 7 machines without problems etc. etc. The issue is with using wbinfo -a to authenticate users (without going into too much detail, I'm trying to use the

HI, I want to use samba winbind (3.6.18 - Ubuntu) to login to a machine using ads. The problem I have is that the ad server (win 2008) does not grant read access to the user list for the machine account. Only each user can read his own entry. Due to the privacy police this behaviour can not be changed. How do I tell winbind to use the user account to look up the user and not use the machine

First time poster so be kind :) I was looking at the pam_krb5.c code and noticed that for authentication to succeed getpwnam() has to succeed. Previously I had setup a web site using mod_auth_pam to authenticate against an active directory (AD) server using a pam config like: # auth auth required pam_krb5.so no_ccache no_warn # account account required

Hello, Prequalify: I'm quite a novice w/ Kerberos, so my terminology and assumptions may be rough. Also, please CC me since I'm not a list subscriber. I'm running a fairly recent -STABLE [1] and have installed the base Heimdal Kerberos implementation via the MAKE_KERBEROS5 knob in /etc/make.conf. I'm having the problem that I don't see a cached credential file being created

Samba 3.0.11 on SLES8 on z/VM The system will be running fine then every few days the Winbind daemon will stop. Below are the last lines of the log file. [2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475)