similar to: Strong security in user's accounts and paswords..

Hi Mark and thanks for your soon answer.. I found this excellent guide on internet http://www.puschitz.com/SecuringLinux.shtml... here I could fine all I was looking for about securing my database server running on CentOS.. Regards Israel, >I'm running RHEL 4.6 and am using the features you are looking to >implement. PAM is the direction to look. I have included my

I''m trying to change the password complexity requirements in pam.d/system-auth using augeas. I can append the values (lcredit=-1, ucredit=-1, etc) onto the correct place, but if another value is already present (i.e. lcredit=-2), the onlyif match statement doesn''t seem to support checking regular expressions inside of strings. How do I check that any numeric value exists in the

CentOS-6.6 Is there any command line program that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

On 11.10.2016 17:22, Harry Jede via samba wrote: > Am Dienstag, 11. Oktober 2016 schrieben Sie: >> On 11.10.2016 13:52, Harry Jede via samba wrote: >>> On 10:43:49 wrote Gavrilov Aleksey via samba: >>> Until now, you have destroyed your domain. >>> Is the ldap directory on localhost in production or is this pc in a >>> test lab? >> a copy of the

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

Hi al.I have a problem with pam.d authentication rules. I searched on google and modified my system-auth file.Bu some rules does not works properly my system-auth like below: -------------------------- auth required pam_env.so auth required pam_tally.so onerr=fail per_user deny=3 auth sufficient pam_unix.so md5 nullok try_first_pass auth requisite

Hello, I think to have find a small pb with openssh when a Radius server is unreachable. I use radius authentication with pam my system-auth is the following auth [success=done auth_err=die default=ignore] /lib/security/pam_radius_auth.so try_first_pass debug auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so file=/etc/raddb/radiusfailure auth

Hi everybody! I am having an issue regarding my samba/pam configuration. I am trying to sync my unix/samba passwords, but everything i found online doesn't help. My System runs Gentoo/Samba 3.5.8 as PDC(roaming profiles host and so on) , and WinXP Clients. Domainjoin and Login work fine. But I want to change the Passwords from the Windows interface. When I try to change the password using

Hello all, At this moment I am running a samba-ldap-pdc. This works really good. But what worries me is the following thing: user accounts never get locked. This is a problem cause anyone can guess or use bruteforce to enter password. Is there a solution/workaround for this? I want the following situation : when a user tries to logon for 4 times I want the account to lock out the account.

I have been ready everything I can regarding this setup but am having a problem that I am unsure of. I am unable to authenticate any user despite the following commands working: %> getent passwd <username> %> wbinfo -u %> wbinfo -g With the getent passwd I am able to see all of my UID/GID being mapped via winbdind to the rid of the domain user account. This command fails: %>

We have a small Ubuntu 9.10 file server in a large Win 2003/2008 domain. There is no X nor web browser in the server. I have rights to join machines to the domain, but I'm not an Administrator There is about 10 users in this server, who want to authenticate with domain passwords when they mount their home directories to WindowsXP workstations. The ssh passwords should be local and separated

Good Day, I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows : * Windows 2008 RC2 * RHEL 5.9 * Windows 7 * Windows XP SP3 * Samba 3.0.33-3.39.el5_8 All machines, including the RHEL Server having been added to the Domain running on the Windows 2008 RC2 Server. As per the subject, when trying to connect, from XP or Win 7, to the shares I

Hi I am trying to lock users after 3 attempts and then set the timeout before they can log in again. I thought i could achieve this with auth required pam_tally.so deny=3 unlock_time=600 in /etc/pam.d/system-auth but it seems to not be the case - I cant find a working config for this anywhere and i wonder if anyone has one they can share? thanks

I have a Suse 9.1 Enterprise Server connected to our Windows 2003 Active Directory Domain for use a file server, housing peoples home(backup) directories. The Suse box is connected to AD with winbind and it's connected fine. The problem is that when I create a user on the windows box it's not creating a home directory in Linux. It says I don't have create access on the server when I

Hi, I am using samba 3.0.10 on Debian and have had my users in tdbsam backend untill now. They have had the ability to change their unix password along with samba password and besides that I was able to apply some PAM restrictions to the users password strength via pam_cracklib.so library. I have now moved the users into ldap and auth works ok, but I cannot change users password and still have

Hello all, I've installed samba-3.0.1 on a linux machine that has a role of domainmember in an NT domain. What I would like is that there would be nothing to do on the linux machine when adding a user in teh NT domain. For that I have started and configured winbind that works fine. But I want to create a share for each user on the NT domain. I have in my smb.conf a [homes] share, but when a

Am Mittwoch, 12. Oktober 2016 schrieben Sie: > Thanks to your help, earned. > > 1. I reinstalled ldap > > 2. remove all entries except sambaDomainName According to your logs, you have had three entries > 2. smbldap-populate > > 3. /usr/local/sbin/smbldap-passwd -s root > > 4. net rpc join -S 127.0.0.1 -U root%secret > > 5. restore from a backup of users,

Migration was held in connection with the breakdown of the old server after setting up a new server stopped working to add windows pc to a domain root at pdc:/var/log/samba# cat /etc/samba/smb.conf [global] # Default options allow nt4 crypto = yes client ntlmv2 auth = no disable spoolss = yes dns proxy