Displaying 20 results from an estimated 10000 matches similar to: "Restricting physical login access to specific nodes using PAM / NSS / SMB4 AD/DC"
2015 Jul 31
6
Linux Workstation x SMB4 DC
What is the best way to authenticate users in SMB4 DC on Linux
workstation?
I'm using pam_winbind, but sometimes its very slow...
--
[]'s Jefferson B. Limeira
jbl at internexxus.com.br
https://br.linkedin.com/in/jlimeira
(41) 9928-8628
2014 Mar 25
1
sssd run level get turned off automagically
CentOS 6.5 (AMD64)
LDAP DS: via SSSD
When I did the OS installation (client site), I had turned the service
ON with 'chkconfig sssd on' and 'chkconfig sssd --list' showed that
it was ON
However, whenever the server has been 'hard' rebooted, 'service sssd
status' shows that it is not running. 'chkconfig sssd --list' shows
it is OFF!
I don't
2011 Oct 31
3
NSS ldap problems
I'm having trouble setting up ldap based authenication.
I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine.
However, I set up a virtual box running CentOS 6, and I can't get it to authenicate.
I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure
2006 Jun 07
1
NSS/PAM LDAP Config
Ok, I've been literally throwing things in my effort to fix this.
Please help me from damaging something valueable! :)
I've installed Samba 3.0.22 and OpenLDAP etc.
I've used the IDEALX scripts to create the LDAP tree etc.
Everything goes swimmingly until I try to check and see if NSS/PAM is
working right.
I use the following command as shown in SBE to check NSS/PAM working.
getent
2006 May 24
1
NSCD, should it be used or not with LDAP, pam, nss
Again, another confusing issue in two how-to's I'm trying to resolve.
In the SBE (samba-3 by example) Pg 161 in the PDF states. (It's
actually page 200 of the PDF, but 161 of the numbered document pages.)
"The name service caching daemon (nscd) is a primary cause of
difficulties with name resolution, particularly where winbind is
used."
But the Authconfig in the IDEALX
2014 Aug 29
1
C7: need authconfig against LDAP
Hi all,
On a C6 box, when I want to enable LDAP authentication, I issue:
# yum -y install nss-pam-ldapd pam_ldap nscd
# authconfig --enableldap --enableldapauth --enablemkhomedir \
--ldapserver=ldap://ldap-blabla/ \
--ldapbasedn="blabla" \
--enablecache --disablefingerprint \
--kickstart --update
All is working fine, the directory structure is fine and compliant.
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've
previously installed a similar configuration on RHEL4, but CentOS now
uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations
are a little different.
Currently, local users and groups are showing up but not LDAP users.
When I do a /getent passwd/ and/getent group/ I don't get LDAP users.
When I do
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi.
I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server. If I were to add "require_membership_of" to pam_winbind to
limit logins and shut out the users I don't want, would it also have the
side effect of denying those users access to the shares as well?
Regards,
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2020 Oct 13
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
On 13/10/2020 15:01, Markus Jansen via samba wrote:
> Thank you very much for your hints.
>
> I got rid of SSSD and managed to get a successful kerberos
> authentication via wbinfo -K and the UPN.
>
> But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
> "FAILED with error NT_STATUS_NO_SUCH_USER".
>
> As I'm using CentOS 8, I used
2019 Nov 07
3
NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)
Good afternoon friends
I have a problem with SAMPA
My environment has several branches. And each branch office has an AD Win 2012 Server
And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server.
Follow my SAMPA setup
# See smb.conf.example for a more detailed config file or
# read the
2015 Jul 31
3
Linux Workstation x SMB4 DC
On 31/07/15 18:53, Denis Cardon wrote:
> Hi Jefferson,
>
> Le 31/07/2015 15:22, Jefferson B. Limeira a écrit :
>> What is the best way to authenticate users in SMB4 DC on Linux
>> workstation?
>> I'm using pam_winbind, but sometimes its very slow...
>
> Configuring everything correctly on the workstation side is quite
> tricky. If you have laptops among
2019 Jun 21
2
Samba winbind on redhat 7
On 21/06/2019 15:39, Edouard Guign? via samba wrote:
> Hello,
>
> I am facing 2 issues now.
> The first one is the more critical for me...
>
> 1. When I switch from sssd to winbind with :
> # authconfig --enablekrb5 --enablewinbind --enablewinbindauth
> --enablemkhomedir --update
>
> My sftp access did not work. Does it change the way to pass the login ?
> I used
2015 Jan 21
2
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Gordon Messmer
> Sent: den 21 januari 2015 05:47
> To: CentOS mailing list
> Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd,
nss-pam-
> ldapd, kerberos, etc)
>
> On 01/20/2015 05:26 PM, Dan Irwin wrote:
> > Before I fire up a
2015 May 11
2
ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.
>
>
2015 Jan 21
2
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
Hi all,
Is anyone using C7 in production with LDAP and kerberos?
Currently all of my machines run C5 or C6 with nss-pam-ldapd or nss_ldap,
with kerberos and pam_krb5 for authentication.
Before I fire up a test VM (is it even worth it?) I wanted to check
feedback from the community.
Cheers!
Dan
2007 Jul 03
2
How to configure PAM in Centos 5 64-bit?
I'm new the the PAM world and have CentOS 5 64-bit installed on a system.
I want to tweak some of the system-auth module settings, but the top of
the file says anything configured in that file will get overwritten, as it
is autogenerated by authconfig.
I checked out authconfig, and it doesn't seem clear to me how to make the
changes I need via authconfig.
So, where do I need to look?
2020 Oct 02
4
Kerberos ticket lifetime
Maybe its..
authconfig --enablewinbindkrb5 --update
Requirements to achieve this:
- A valid /etc/krb5.conf
- A valid system keytab /etc/krb5.keytab
- A valid /etc/samba/smb.conf -> will be modified by authconfig
( found on internet worked in centos7 )
But better read..
https://sssd.io/docs/users/pam_krb5_migration.html
Greetz,
Louis
> -----Oorspronkelijk bericht-----
>
2016 Jun 23
3
sssd.conf file missing
Hello --
I made the suggested changes to the sssd.conf file, and the results are the same.
Just to make sure my syntax is correct:
The following section was added to the end of the file:
[sssd]
debug_level = 4
config_file_version = 2
domains = company/company.org
-----Original Message-----
From: l at avc.su [mailto:l at avc.su]
Sent: Thursday, June 23, 2016 9:08 AM
To: Kaplan, Andrew H.;
2015 Jan 21
4
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Fred Smith
> Sent: den 21 januari 2015 15:35
> To: centos at centos.org
> Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam-
> ldapd, kerberos, etc)
>
> > > > Before I fire up a test VM (is it even worth it?) I wanted to