similar to: pam_radius fail open?

I'm setting up a freebsd server which will authenticate against an Active Directory I mean: the server will NOT have any local users (except mandatory and minimum required for management and configuration) and will authenticate requests for login and access FOR EVERY SERVICE against an Active Directory Server I have configured the samba service and currently I can login to local terminal,

I've built a domain member. It works pretty good with the exception that I want on-the-fly home directories being built. I'm not sure this is doable with a domain member as everything I've tried isn't even called - as far as I can tell. Using log level 3. If anyone can shed light on how to dynamically create home directories, that'd be great. anyway, here's my

I'm running samba 2.5 on a FreeBSD box using winbind to do authentication with my PDC/BDC. I'm able to configure shares that everyone on the NT network can access but when I configure private shares (only 1 or 2 users have access to) the users get prompted for a username and password and are not allowed access. What am I doing wrong? Below I have included a copy of my smb.conf and pam.conf

> What is in the pam.d/dovecot file? (Remember to strip passwords if > included) # cat /etc/pam.d/dovecot passdb { driver = pam # args = failure_show_msg=yes # args = max_requests=12 args = %s } and /etc/pam.d/{imap,pop3} were untouched; both as follows # # $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $ # # PAM configuration for the "pop3" service

I am having problems upgrading samba 3.0.36 to 3.3.7. I have a working installation of Samba 3.0.36 on FreeBSD 7.2 amd64, configured as a domain member in a 2003 AD, running in native mode. Domain controllers have Services for Unix 3.5 installed and I am using idmap backend with SFU schema mode. I have enclosed my configuration files and compile options further down. When I upgrade to version

Hi list, Sorry for the cros-post, I'm not sure which list is better for me as I got a question related to samba, configuration, FreeBSD. I'm trying to configure NT authentication on FreeBSD 5.4 with Samba 3.0.12 (installed form the ports collection). I've folowed the Samba 3 howto I've managed the following : wbinfo -g returns correctly the domain groups wbinfo -u returns all

Hi list, Sorry for the cros-post, I'm not sure which list is better for me as I got a question related to samba, configuration, FreeBSD. I'm trying to configure NT authentication on FreeBSD 5.4 with Samba 3.0.12 (installed form the ports collection). I've folowed the Samba 3 howto I've managed the following : wbinfo -g returns correctly the domain groups wbinfo -u returns all

Hi All I installed samba 3.0.23d on the FreeBSD 5.4 through the port tree and join to the Windows 2000 Domain. But I can't su anymore. And the Windows client cannot go into the share folder. I have pam_winbind.so at /usr/lib and /usr/local/lib. The error message shows: Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM error was unknown user (13), NT error was

Greeting- I have a mixed network of ms-windows, macintosh and freebsd systems. I am setting up a FreeBSD 9.0 system as a PDC using samba. I can from a FreeBSD box attach to the SMB server as a user that is defined on the Samba Server. [wynkoop at dt0 ~]$ smbclient -L hp1 Enter wynkoop's password: Domain=[HARAPARTNERS] OS=[Unix] Server=[Samba 3.6.4] Sharename Type

Hello! I'm trying to configure a freshly built mail/cyrus-imapd22 to work and authenticate accounts -- Kerberos and plain text. The GSSAPI authentication works already. After doing kinit, I can do ``imtest -m GSSAPI hostname'' and it succeeds. Now I'm trying to login with plain text (over SSL). Cyrus' imapd keeps crashing from SIGBUS. According to ktrace, this happens

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 3 Aug 2017, Randy Bush wrote: > # cat /etc/pam.d/dovecot > passdb { > driver = pam > # args = failure_show_msg=yes > # args = max_requests=12 > args = %s > } this info belongs into Dovecot's conf files, not into /etc/pam.d. > and /etc/pam.d/{imap,pop3} were untouched; both as follows > > # > #

I have a shell user who is able to login to his accounts via sshd on FreeBSD 8.2 using any password. The user had a .ssh/id_rsa and .ssh/id_rsa.pub key pair without a password but nullok was not specified, so I think this should be considered a bug. During diagnosis, /etc/pam.d/sshd was configured for authentication using: ------------- auth required pam_ssh.so

Hello, when configuring the OpenSSH to authenticate through pam_radius, I encountered the following problem: The radius server is configured to accept username and generic password, it then generates some textual string as a challenge-request and waits again for username and this time for challenge-response. Pam_radius use pam->conv function, retrieved with pam_get_item(PAM_COM), with

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use

Hmm, I thought using .opiealways would be the solution see: http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html Or http://people.freebsd.org/~des/diary/2002.html But I can still login with the standard password even if the opieaccess file is empty. -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Didier

Hello All: I am trying to authenticate against an Active Directory using winbind in my /etc/pam.d/sshd configuration (below). If the user is in the local password file, I can authenticate successfully using that user's Active Directory credentials. However, if the user is not in the local password file, I get the following errors. Nov 3 10:07:48 mailnat pam_winbind[29805]: request failed:

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

>> auth: in openpam_parse_chain(): /etc/pam.d/dovecot(1): missing or invalid facility > > I do not think that it has something to do with the dovecot settings > itself but perhaps with the pam facility settings instead? i can believe that. any clues to debug? randy

Hi, I'm trying to setup Dovecot with MS AD and am using this as my guide: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm I can definitely access information on the AD server using wbinfo -g and wbinfo -u..... Currently my dovecot.conf file looks like this: # v1.1: #auth_ntlm_use_winbind = yes # v1.2+: auth_use_winbind = yes auth_winbind_helper_path = /usr/local/bin/ntlm_auth

I've reproduced this bug in versions openssh-3.7p1 and openssh-3.8p1 I've verfived that it works PERFECTLY in versions openssh-3.6p1 and openssh-2.9p2 I have not tested any other versions. The problem is sshd will not authenticate passwords off a NT4 domain using winbind and pam. Broken Debug output is: debug1: PAM: initializing for "user" debug1: PAM: setting PAM_RHOST to