similar to: Restricting physical login access to specific nodes using PAM / NSS / SMB4 AD/DC

What is the best way to authenticate users in SMB4 DC on Linux workstation? I'm using pam_winbind, but sometimes its very slow... -- []'s Jefferson B. Limeira jbl at internexxus.com.br https://br.linkedin.com/in/jlimeira (41) 9928-8628

CentOS 6.5 (AMD64) LDAP DS: via SSSD When I did the OS installation (client site), I had turned the service ON with 'chkconfig sssd on' and 'chkconfig sssd --list' showed that it was ON However, whenever the server has been 'hard' rebooted, 'service sssd status' shows that it is not running. 'chkconfig sssd --list' shows it is OFF! I don't

I'm having trouble setting up ldap based authenication. I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine. However, I set up a virtual box running CentOS 6, and I can't get it to authenicate. I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure

Ok, I've been literally throwing things in my effort to fix this. Please help me from damaging something valueable! :) I've installed Samba 3.0.22 and OpenLDAP etc. I've used the IDEALX scripts to create the LDAP tree etc. Everything goes swimmingly until I try to check and see if NSS/PAM is working right. I use the following command as shown in SBE to check NSS/PAM working. getent

Again, another confusing issue in two how-to's I'm trying to resolve. In the SBE (samba-3 by example) Pg 161 in the PDF states. (It's actually page 200 of the PDF, but 161 of the numbered document pages.) "The name service caching daemon (nscd) is a primary cause of difficulties with name resolution, particularly where winbind is used." But the Authconfig in the IDEALX

Hi all, On a C6 box, when I want to enable LDAP authentication, I issue: # yum -y install nss-pam-ldapd pam_ldap nscd # authconfig --enableldap --enableldapauth --enablemkhomedir \ --ldapserver=ldap://ldap-blabla/ \ --ldapbasedn="blabla" \ --enablecache --disablefingerprint \ --kickstart --update All is working fine, the directory structure is fine and compliant.

I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've previously installed a similar configuration on RHEL4, but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations are a little different. Currently, local users and groups are showing up but not LDAP users. When I do a /getent passwd/ and/getent group/ I don't get LDAP users. When I do

Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

On 13/10/2020 15:01, Markus Jansen via samba wrote: > Thank you very much for your hints. > > I got rid of SSSD and managed to get a successful kerberos > authentication via wbinfo -K and the UPN. > > But accessing via SMB (using MAC OS' smbutil or Finder) still fails with > "FAILED with error NT_STATUS_NO_SUCH_USER". > > As I'm using CentOS 8, I used

Good afternoon friends I have a problem with SAMPA My environment has several branches. And each branch office has an AD Win 2012 Server And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server. Follow my SAMPA setup # See smb.conf.example for a more detailed config file or # read the

On 31/07/15 18:53, Denis Cardon wrote: > Hi Jefferson, > > Le 31/07/2015 15:22, Jefferson B. Limeira a écrit : >> What is the best way to authenticate users in SMB4 DC on Linux >> workstation? >> I'm using pam_winbind, but sometimes its very slow... > > Configuring everything correctly on the workstation side is quite > tricky. If you have laptops among

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Gordon Messmer > Sent: den 21 januari 2015 05:47 > To: CentOS mailing list > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > On 01/20/2015 05:26 PM, Dan Irwin wrote: > > Before I fire up a

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

Hi all, Is anyone using C7 in production with LDAP and kerberos? Currently all of my machines run C5 or C6 with nss-pam-ldapd or nss_ldap, with kerberos and pam_krb5 for authentication. Before I fire up a test VM (is it even worth it?) I wanted to check feedback from the community. Cheers! Dan

I'm new the the PAM world and have CentOS 5 64-bit installed on a system. I want to tweak some of the system-auth module settings, but the top of the file says anything configured in that file will get overwritten, as it is autogenerated by authconfig. I checked out authconfig, and it doesn't seem clear to me how to make the changes I need via authconfig. So, where do I need to look?

Maybe its.. authconfig --enablewinbindkrb5 --update Requirements to achieve this: - A valid /etc/krb5.conf - A valid system keytab /etc/krb5.keytab - A valid /etc/samba/smb.conf -> will be modified by authconfig ( found on internet worked in centos7 ) But better read.. https://sssd.io/docs/users/pam_krb5_migration.html Greetz, Louis > -----Oorspronkelijk bericht----- >

Hello -- I made the suggested changes to the sssd.conf file, and the results are the same. Just to make sure my syntax is correct: The following section was added to the end of the file: [sssd] debug_level = 4 config_file_version = 2 domains = company/company.org -----Original Message----- From: l at avc.su [mailto:l at avc.su] Sent: Thursday, June 23, 2016 9:08 AM To: Kaplan, Andrew H.;

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Fred Smith > Sent: den 21 januari 2015 15:35 > To: centos at centos.org > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > > > > Before I fire up a test VM (is it even worth it?) I wanted to