similar to: LDAP login problem for CentOS 6.5

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

Thanks a lot for looking over the config. I am at the topic "user data is available" id <username> and getent passwd and ldapsearch -x -b "ou=XXX,o=YYY" uid=<username> give the correct results ldapsearch gives also the correct host attribute i have set in the ldap server. Regarding the manpage of sssd.conf the lines access_provider = ldap ldap_access_order =

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used

Hi Everyone, I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids) It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and

On 4/14/23 02:47, Christian Naumer via samba wrote: > We are only talking about joining your server to your REALM not the > clients. > > It is possible to do this. See this example for FreeIPA: > > https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-member.html#domain-member-configuration-overview > > > But as you can see it is more complicated that

Hi Everyone, I'm running dovecot on a CentOS 7 box using PLAIN and GSSAPI auth. I need to use both because I have some clients that can't use GSSAPI. I haven't been able to get the userdb working properly without a password file and a userdb file. For example, I have to set the home default and change the username_format. I use FreeIPA and the dovecot server is joined properly to

Maybe its.. authconfig --enablewinbindkrb5 --update Requirements to achieve this: - A valid /etc/krb5.conf - A valid system keytab /etc/krb5.keytab - A valid /etc/samba/smb.conf -> will be modified by authconfig ( found on internet worked in centos7 ) But better read.. https://sssd.io/docs/users/pam_krb5_migration.html Greetz, Louis > -----Oorspronkelijk bericht----- >

On 13/10/2020 15:01, Markus Jansen via samba wrote: > Thank you very much for your hints. > > I got rid of SSSD and managed to get a successful kerberos > authentication via wbinfo -K and the UPN. > > But accessing via SMB (using MAC OS' smbutil or Finder) still fails with > "FAILED with error NT_STATUS_NO_SUCH_USER". > > As I'm using CentOS 8, I used

Thanks a lot for the explanation. I have confused some things while crawling through the manuals. Now i have removed the 'ldap' from the /etc/nsswitch.conf. Now it looks like this: passwd: files sss shadow: files sss group: files sss hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:

On 16/07/2020 16:11, L.P.H. van Belle via samba wrote: > First of all, why does the DOMAIN contains/shows a dot in it. > ( i think its a wrong setting in sssd, but i dont know sssd ) > I know this is one of your REALMs and not the domain. > > > Now your lines : > Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0

Hi I hope that I am not totally wrong when asking this on a Samba list, but as I followed a tutorial found at the SAMBA wiki I hope I can find someone how is able to help me. My goal is to set up a server acting as a SAMBA AD Server with single sign on for linux users. I use a Ubuntu Server 13.10 as the base. On top of this I installed a SAMBA 4.1.2 from GIT, did provisioning, Kerberos

Hi all, I hope that this request for help will be the last one, for a while to come. Today, sernet support helped my sort out our DC mess, and they did a great job. However, sssd no longer works, and I hope someone here can help out. We used to have DC1, DC2 and DC3. DC1 was the classic-upgraded, first, 'original' DC, and had to be shutdown, unfortunately. So only DC2 and DC3

Hi, Here is my desired configuration: An external LDAP server, Samba 4.1.8 (not configured as a member server or as a domain controller), and SSSD configured with the external LDAP server. Authentication locally and via ssh works fine using pam_sss.so. When attempting to authenticate a share on windows using an LDAP users credentials, the request fails with NT_STATUS_ACCESS_DENIED. I'd like

Running Feora 25 workstation we're able to register the computer in AD but I can't get SSH to authenticate properly. wbinfo -u brings back all the users. Just getting "Permission denied, please try again." Below are key settings in related conf files. rpm -q samba samba-4.5.8-1.fc25.x86_64 winbindd -V Version 4.5.8 /etc/nsswitch.conf: passwd: files winbind shadow:

I'm in a situation here at work where I'm trying to support a mixed network of OS X and RHEL desktop machines with a Postfix/Dovecot combination. - user account information is stored in LDAP - user credentials are in MIT Kerberos - server is running RHEL 6/Dovecot 2.0.9/Postfix 2.6.6 I am currently using the PAM passdb module to authenticate my users (I began to have trouble

Dear list members, i have installed a CentOS 7 x86_64 system. I want to let users authenticate over our ldap server. This seems to be working. ldap-username and ldap-passwords are accepted for the users configured in the ldap server. No problem. Now i want to restrict the access to users who have my centos-machine in their ldap host attribute. My problem is, that this host attribute seems to be

Hello, I have a big performance problem with a mail server using dovecot and authenticating users via ldap. The architecture of the machine is a local ldap and mysql server, they are used by dovecot for authenticating the mail users. If i use pam_sss the mail server has about 1/8 - 1/10 the performances it has if i use the pam_ldap. Even doing a 'time ls -l' on the mail tree (there are

Hi! How to get usermod working with SSSD/389DS ? We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command: authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update Running for example "usermod -L username" returns: usermod: user 'username' does not exist in