similar to: Restrict users from logging in: winbind

We use samba 2.2.9 with winbind. We use winbind for authentication. I was able to selectively limit pop3 use among winbind users on redhat 9 with this pam configuration. (As you would use it in ftpusers, in the reverse sense.) auth required /lib/security/pam_listfile.so item=user onerr=fail sense=allow file=/etc/pop3users This is the best solution for my situation, and I want to have that on my

Hi, I'm trying to config dovecot to enable IMAP protocol only for certain IPs and users. The logical steps I've followed are: 1. If a user is trying to login from an IP that I've authorized ( listed in a file) the request is authorized. 2. If not, if the user is listed in a second file the request is authorized. 3. If also this check fails the request is rejected. I'm using PAM

I'm using libvirt in desktop environment. Single host machine, pair of users, a few guest machines. The first thought was that unix socket restricted to specific group is just enough for authentication. But virsh has the power like sudo: you could define pool on real device and write anything on it. So I decided to authenticate with password for each virsh use. I'm using SASL + saslauthd +

Hi, I am currently trying to configure AD (Windows 2003) + Linux (CentOS 4.4) to allow user logins for certain users, namely, developers. The winbind authentication part of it is working correctly, but every user in AD can login to the servers via ssh. I have tried to limit users by adding valid_users = @"domain+developers" (+ is the separator) on /etc/samba/smb.conf, but this

Hi, I'm trying to use pam_listfile.so to deny logins from all others but few users (names in /etc/loginusers). With password authentication it works fine, but with public key authentication OpenSSH lets in users whose names arent't in /etc/loginusers. AllowUsers in sshd_config does what one would expect. I'm using OpenSSH-3.0.2p1 on Debian testing (package version 1:3.0.2p1-6)

Hello, I have a problem to which I have not been able to find a solution by myself or online. I have Dovecot running together with Qmail on a CentOS server. I need to be able to control which users are allowed IMAP access and at the same time allow IMAP access for all users when the requests are coming from a specific IP. My problem has two parts, detailed below.

Hi folks, I can't seem to log into my system via vsftpd. All other services using PAM are fine...Am I missing something simple? ftp> user (username) user 331 Please specify the password. Password: 530 Login incorrect. # getenforce Permissive here is the event in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0

Greets ... I am not getting it. I have samba (old one, 3.0.22-11-SUSE-CODE10) in an ADS-context, winbind works OK ... I am trying to connect vsftpd to winbind via PAM, this works TOO GOOD ;-) currently I am able to login to vsftpd with ANY password, that's bad. I am not understanding that PAM-stuff and I have some pressure to get that ftp-server up, so please would someone help me out? My

hi all, i'm setting up Dovecot on OSX to use PAM authentication against a flat_file/static userdb (tho i will _eventually_ mv to pgsql ...). iiuc, to do so i need something like: =================================== (EDITOR) /etc/pam.d/dovecot.imap auth required pam_listfile.so item=user sense=allow file=/var/dovecot/imapusers onerr=fail =================================== for a userdb

Hi, I have tested the current snapshot portable release (dated Jan 9 2004). configuration has: UsePAM yes PasswordAuthentication no ChallengeResponseAuthentication yes UsePrivilegeSeparation yes two problems: first pam_motd does not work anymore. second, I needed a quick way to disable normal user logins without disabling admin accounts (members of group wheel). the best option i could come

Good Morning, I have been a user of winbind and Samba for about a year now. It's been working well for me on Red Hat v. 8.0 and 9.0. Recently I purchased and installed Red Hat Enterprise Linux WS 3.0 and configured winbind and samba the same way I normally do. However when I attempt to authenticate to the Linux workstation before I am even prompted to enter my password, winbind submits a

Anyone have suggestions? Thanks. -----Original Message----- From: Eisenstein, Doug Sent: Monday, January 12, 2004 9:06 AM To: 'samba@lists.samba.org' Subject: [Samba] Winbind & Wrong Password - PAM Issue? Good Morning, I have been a user of winbind and Samba for about a year now. It's been working well for me on Red Hat v. 8.0 and 9.0. Recently I purchased and installed Red

> We are trying to have linux authenticate to linux server running samba > 3.0. We have the XP Pro, 6.2 redhat, and 7.3 redhat machines. They all > authenticate to the linux server but we are having problems with blank > passwords or the user can type any password. We are using pam modules for > the authentication on the client machines. > I have included the config files for

On 12/10/15 08:27, VigneshDhanraj G wrote: > Hi Rowland, > > Thanks for the help. > > Yes, Joined to the domain, ftp uses pam authentication. After > upgrading samba i found ftp pam authentication not working > > /etc/pam.d/ftp contains > > #%PAM-1.0 > auth sufficient /lib/security/pam_smbpass.so > auth sufficient /lib/security/pam_winbind.so

> -----Original Message----- > From: Reed, Tameika > Sent: Monday, November 17, 2003 5:56 PM > To: 'samba@lists.samba.org' > Subject: Samba PDC trying rid null logins > > > > > We are trying to have linux authenticate to linux server running samba > 3.0. We have the XP Pro, 6.2 redhat, and 7.3 redhat machines. They all > authenticate to the

Now, TOSHARG-VFS.xml translate to Japanese finished(3.4.0 base). And some bug found. <indexterm><primary>UID</primary></indexterm> <indexterm><primary>GID</primary></indexterm> <indexterm><primary>SID</primary></indexterm> <indexterm><primary>idmap uid</primary></indexterm>

Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.

Red Hat Enterprise Linux Server release 5.4 (Tikanga) Samba 3.0.33-3.15.el5_4.1 I have run into an issue where the DNS records added by a net ads join seem to be being scavenged. From what I understand, Windows servers/workstations check in (update their host record) on the AD DNS server on a regular basis. So the question is, how can I have samba/winbind do the same? I could just setup a cron

Hey folks, New to the list - and I hope this isn't a dumb question. I am in the process of revamping the way we authenticate to our Linux servers. Moving away from pam_ldap and pam_nss, in favor of winbind and pam_nss. The reason for this is that I feel winbindd does a better job of failing over from a unavailable authentication server than pam_ldap. In any case - I have it all working

Hello, I have configured a Nagios server to be part of a Windows 2003 domain. The Linux server is RedHat 5.3 with winbind version 3.0.22. The configuration is using kerberos and pam with winbind to support Windows user and local account. Everything is working fine until we test the active directory failover. The system is still accessible through domain account but it's very slow and the