similar to: Looking for AIX Users of Winbind -- Authorization and SSH Problems

Displaying 20 results from an estimated 5000 matches similar to: "Looking for AIX Users of Winbind -- Authorization and SSH Problems"

2008 Aug 06
1
winbindd behaving oddly
Hello folks, Been beating my head with an winbind and pam just behaving oddly. I have following various HOW-TO's, wiki's, and docs, and just can't seem to get past a wall. Here a some of the issues: - the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' in the logs. Here's an exact snippet: Aug 6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd):
2008 Jan 03
1
require_membership_of being ignored?
Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS network. I've decided to use pam_mkhomedir.to have the fileserver automagically create their home when they first log in. But we don't want everyone to log in, just the members of the AD group filesurfer-users. The problem: Regardless of what I put as a require_membership_of= in the samba pam file, any domain
2013 Jan 24
3
require_membership_of is ignored
I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user. The problem is, I can log on as any AD user. require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in. I've put this option in both
2017 Dec 01
2
Restricting AD group logging on to Servers
> -----Original Message----- > From: Rowland Penny [mailto:rpenny at samba.org] > Sent: 01 December 2017 17:40 > To: samba at lists.samba.org > Cc: Roy Eastwood > Subject: Re: [Samba] Restricting AD group logging on to Servers > > On Fri, 1 Dec 2017 17:06:42 -0000 > Roy Eastwood via samba <samba at lists.samba.org> wrote: > > > Hi, > > I have a
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,
2017 Dec 01
2
Restricting AD group logging on to Servers
Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf
2013 Nov 28
4
SSH - Winbind and Keybased Auth
Hi Team, We have a weird issue that we are trying to understand. We have winbind set up and working successfully for user authentication with passwords via ssh. We have pam.d/system-auth-ac and password-auth-ac (symlinked) set to require membership of a group which works great via password authentication. However, if the user has a ssh key set up, they seem to bypass the group membership
2005 Oct 26
1
Question about pam_winbind
I was looking at the documentation at samba.org and it says the following: require_membership_of=[SID or NAME] If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, a alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: /|MYDOMAIN\mygroup|/ or
2020 Jun 16
2
Samba as a domain member:
Yes: # getent group GROUP group:x:17573: # getent group group2 group2:x:11010: # getent group GROUP3 group3:x:21178: # wbinfo --group-info GROUP group:x:17573: # wbinfo -n GROUP S-1-5-21-948789634-15155995-928725530-7573 SID_DOM_GROUP (2)
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then
2007 May 14
3
install opt-samba-base on aix 5.3
I am trying to install samba 3.0.24 on aix 5.3. I have downlaoded the binaries from samba.org and I am using the directions found at: http://us4.samba.org/samba/ftp/Binary_Packages/AIX/ The directions dont specify installing the base. WHen I try to install the pware 3.0.24, it fails due to required packages missing. I do not see a way to get opt-samba-base installed. Included below is the
2017 Mar 13
1
pam_winbind with trusted domain
Hi, I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL. If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of
2020 Jun 17
1
Samba as a domain member:
Nice call. It almost worked except for a small error in 'man pam_winbind' -- DOMAIN\\GROUP should actually be DOMAIN\GROUP in the pam.d file. Now, I'm a bit confused. The pam module 'pam_winbind' is from the Samba suite. OpenVPN is just passing on the authentication decision to Samba. However, I was expecting to just use the group name without the domain name since I have
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In
2007 Jan 15
1
Winbind caching group membership issue
Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.
2007 Apr 04
1
Issue with pam_winbind for MS AD authentication and moduleoptions
Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes
2013 Aug 22
1
Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"
Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.
2018 Jan 16
3
SSH with User in Member Domain
Uhum, i tested with ssh:  ssh XXX at FILESERVER  journalctl -f Jan 16 18:28:42 HOSTNAME  sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP-SOURCE  user=XXXXX Jan 16 18:28:43 HOSTNAME  sshd[2250]: Failed password for XXXX from IP-SOURCE  port 39896 ssh2 Regards; On 16-01-2018 18:25, Rowland Penny via samba wrote: > On Tue, 16 Jan
2007 Jun 22
1
Samba 3.0.24 on AIX 5.3 + winbindd
Hello, I installed Samba 3.0.24 on my AIX 5.3 and configured it to authenticate users via winbind. I followed the previous thread 'Samba on AIX --> nsswitch.conf', copied WINBIND to /usr/lib/security and modified the default: stanza in /etc/security/user to include WINBIND (in the SYSTEM and registry entry, respectively). Additionally, I added an entry in /usr/lib/security/methods.cfg.
2017 Dec 02
4
Restricting AD group logging on to Servers
[snip] > > > try adding the 'require_membership_of' line to the winbind auth line in > > > PAM. > > > Rowland > > Thanks Rowland, that did the trick and is the simplest solution. > > > > Found that only one \ was required to separate the domain part from the group name part - ie DOMAIN\linuxadmins rather than > > DOMAIN\\linuxadmins.