similar to: winbindd behaving oddly

Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS network. I've decided to use pam_mkhomedir.to have the fileserver automagically create their home when they first log in. But we don't want everyone to log in, just the members of the AD group filesurfer-users. The problem: Regardless of what I put as a require_membership_of= in the samba pam file, any domain

Hi Team, We have a weird issue that we are trying to understand. We have winbind set up and working successfully for user authentication with passwords via ssh. We have pam.d/system-auth-ac and password-auth-ac (symlinked) set to require membership of a group which works great via password authentication. However, if the user has a ssh key set up, they seem to bypass the group membership

Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.

Hi everone. Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC Clients: smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 300000-400000 idmap gid = 20000-30000 /etc/nsswitch.conf passwd: compat winbind group: compat

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Hi, I was trying to use the nnet library and am not sure of whats going on. I am calling the nnet function as: n <- nnet(x,y,size=3,subset=sets[[1]], maxit=200) Where x is a 272x4 matrix of observations (examples) and y is a 272x1 matrix of target values. However when I look at nnet$residuals they are off by two orders of magnitude (compared to the output from neural network code that I

Hello, Please forgive me if this has been discussed, I did not find any references when I searched. I'm trying to replace a W2K server with a samba member server in a single ADS domain. It seems that the Fedora rpms do not support idmap_rid so I am trying to compile from the Fedora SRPM. After following the docs for building and configuring idmap_rid I get no ADS users from `getent

Hi all I have set my Samba server up to join an AD realm. Winbind is working fine and I am able to use it for authentication as needed. When I try to connect to one of my shares via a Windows client, I get the following error: [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: MYDOMAIN+room1 [2004/11/04

Hi all, I have a samba 2.2.8a install runing on a debian woody. The samba is working fine and I am able to map shared drives. I want to use a Primary Domain Controller to authenticate users. I have included the necessary options in smb.conf, # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 10000 to 20000 for domain users winbind uid

Hello, I am have some interesting problems with the pam_winbind portion of samba 3.1. wbinfo -u and getent passwd works but when I login I get the following messages in /var/log/messages. Jan 5 11:09:36 hermes pam_winbind[9014]: write to socket failed! Jan 5 11:09:36 hermes pam_winbind[9014]: internal module error (retval = 3, user = `CSQ+shane' Jan 5 11:09:36 hermes PAM_pwdb[9014]: check

Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

Hello Community, is there someone who has winbind working on SUSE 8.X? On my system the authenication of the domain users simply does not work getent passwd shows all domain users gentent group shows all domain groups Login as domain user: Login incorrect! There seems to be no pam_stack.so on SUSE. Can it work without it? How can I fix ist? How can I trace the cause of the disfunction? I would

Okay - I've got samba working as a PDC with and ldap backend. I want to have some users not be in ldap (like the built in stuff like cyrus, mail, lp etc) I can get that to work with the pam_ldap and pam_unix but pam_smbpass doesn't seem to return user_unknown as i expect for users who are not in the ldap database does this make sense? --- pam_smb_passwd.c 12 Feb 2002 15:56:19

On 24.01.2020 14:01, Christian wrote: > On 23.01.2020 10:26, L.P.H. van Belle via samba wrote: >> Hai Christian, >> >>>>> Thism, this is just strange, Christian, did you already >>> run and if not, can you run it and post the ouputs. : >>>>> net cache flush >>>>> systemctl stop samba winbind >>>>> systemctl

Hi, We currently have a postfix/dovecot setup using nss_ldap with PAM for authentication. Everything is working fine, but there are excessive "error" messages in /var/log/messages that I'd like to prevent from happening. Since auth_userdb defaults to passwd and that our users are not in the passwd file, we get the following message everytime a user logs in: Jul 7 13:34:37

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

Did you join the box to the domain Did you set security to be domain and passwword to encrypted? Is the AD server in mixed mode? Are you configuring the "right" pam module for the login as per the FAQ? Is wbinfo returning the users and groups? jim Date: Mon, 2 Jun 2003 11:07:04 +1000 From: "John Simovic" <jsimovic@rydesc-h.schools.nsw.edu.au> Subject: RE: [Samba]

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

Hello, I'm trying to get a debian sid box to authenticate against an NT4 domain. I've followed the instructions in the winbindd man page and I think I'm on the right track. However, I'm having problems with PAM. As the winbindd man page suggests, I edited the /etc/nsswitch.conf and added some winbindd related stuff to my smb.conf file. I also edited the /etc/pam.d/* files.