similar to: samba ssh change password Error was: Wrong password

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

Thanks a lot for looking over the config. I am at the topic "user data is available" id <username> and getent passwd and ldapsearch -x -b "ou=XXX,o=YYY" uid=<username> give the correct results ldapsearch gives also the correct host attribute i have set in the ldap server. Regarding the manpage of sssd.conf the lines access_provider = ldap ldap_access_order =

Hmmm...., i have made now a complete new install but the problem persists: ldap authentication works, but the host attribute is ignored. I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far. these pam and ldap packages are installed: openldap-devel-2.4.39-6.el7.x86_64 openssh-ldap-6.6.1p1-11.el7.x86_64 openldap-2.4.39-6.el7.x86_64

I am still not understanding why your using MD5? Is it because everyone in InfoSec declared that everyone finally went from md5 to sha512 or what? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Ulrich Hiller Sent: Monday, May 11, 2015 1:40 PM To: CentOS mailing list Subject: Re: [CentOS] ldap host attribute is ignored one more

On May 8, 2015, at 11:14 AM, Ulrich Hiller <hiller at mpia-hd.mpg.de> wrote: > > /etc/pam.d/system-auth: > ----------------------- > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth

On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: > I'm experimenting with smb + winbind. > > My host is joined to AD and I can login to my host fine using my AD > credentials via SSH.?? The only issue is that I don't get a Kerberos > ticket generated. > > In /etc/security/pam_winbind.conf I have: > > krb5_auth = yes > > krb5_ccache_type = KEYRING >

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

Hi, mail is delivered by Dovecot's LMTP locally and I need user's home directory to be created if it doesn't exist yet. There is a setting in Dovecot's configuration, "session=yes", in /etc/Dovecot/conf.d/auth-system.conf.ext, which should do that. passdb { driver = pam args = session=yes dovecot } But I think it does not work in my setup because I do not see any

Hi, mail is delivered by Dovecot's lmtp locally and I need user's home directory to be created if it doesn't exist yet. There is a setting in Dovecot's configuration, "session=yes", in /etc/Dovecot/conf.d/auth-system.conf.ext, which should do that. passdb { driver = pam args = session=yes dovecot } But I think it does not work in my setup because I do not see

Hi Team, We have a weird issue that we are trying to understand. We have winbind set up and working successfully for user authentication with passwords via ssh. We have pam.d/system-auth-ac and password-auth-ac (symlinked) set to require membership of a group which works great via password authentication. However, if the user has a ssh key set up, they seem to bypass the group membership

Dear list members, i have installed a CentOS 7 x86_64 system. I want to let users authenticate over our ldap server. This seems to be working. ldap-username and ldap-passwords are accepted for the users configured in the ldap server. No problem. Now i want to restrict the access to users who have my centos-machine in their ldap host attribute. My problem is, that this host attribute seems to be

This seems to be common thread on the list, but I'm pulling my hair out and have to ask.. I've been following a couple of guides and using AD to authenticate users on my linux system. These include the ubuntu guide -- https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto - https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member -

Hello, I have been using Fedora Core, Samba, and Active Directory to provide authentication services for Windows based users for a few years now, but as an experiment I wanted to accomplish the same service with SUSE 9.3 . I have been able to get this configuration to run successfully with RH9, FC1, FC2, FC3, and FC4 (buggy but works), but with SUSE I have stalled a bit. I feel I have

Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this? Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss