similar to: [Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled

I've gone back to 3.0.1 to try and get winbind to work with my Solaris 9 machine and NT4 domain. Everything works except user authentication. The wbinfo and getent commands do what they are supposed to. I've included a truss of 'su - ganguly' According to pamlog, the user 'ganguly' has been granted access but it is still hanging. How do I do a truss of a telnet login?

I am using Ubuntu Gutsy, which comes with Winbind 3.0.26a. I am using the same configuration that worked on Ubuntu Feisty, which uses Winbind 3.0.24. Something changed with Winbind, apparently, to break the configuration that was working perfectly. How can I fix my configuration to work with the new version? The symptoms are as follows: wbinfo -t works wbinfo can retrieve a list of users wbinfo

Hi People! I use pam_winbind for authentication in my computer workstation using Debian Lenny 5.0, Stable Version. I configure my user with this option "sambaPwdMustChange: 0", and I logon in GDM without asking to change password. Who knows what can be? I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only pam_winbind for tests... Client versions: ii

Greetings, Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless account without a valid key when sshd_config has PasswordAuthentication no + PermitEmptyPasswords yes Attempts: Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b) with native c compiler. Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2). Still the same problem. Looking at

Greetings, I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1 (as well as OpenServer 5.0.X and SCO 3.2v4.2) When I set up sshd_config as follows: PasswordAuthentication no PermitEmptyPasswords yes and try to connect to a password less account ( I know its a F*up, but that's the application ID10Ts .... ) I can get in using the SSH2 version without a valid key, the

Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as

Hi 3.0.23rc3 pam_winbind on SLES9/i386 with the provided RPMs doesn't work: PAM unable to resolve symbol: pam_sm_authenticate PAM unable to resolve symbol: pam_sm_setcred Is this a compile problem ? SLES9 specific ? I am trying to setup the cool Kerberos integration that Samba can do for Linux. Can anyone point me to docs about that ? Thanks, Schlomo

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

To stem the tide of support requests from people who don't read the INSTALL file when installing OpenSSH and then complain about password auth failing. I am considering the idea of automagically installing a PAM file into /etc/pam.d if it exists, PAM support is enabled and no such file already exists. I have a couple of questions: - How is PAM controlled on Solaris? Is there a pam.d

https://bugzilla.mindrot.org/show_bug.cgi?id=3157 Bug ID: 3157 Summary: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority:

We've been having trouble with OpenSSH 2.9p2, running on Solaris 8 (a domain of an E10k), with PAM authentication turned on. It intermittently crashes with signal 11 (seg fault) after the password is entered, after the MOTD is displayed, but before control is passed over to the login shell. I eventually managed to persuade sshd's child process to consistently crash, upon entry of an

Hi, Taking a stab at getting OSX Server 10.2.4 running Dovecot -- with a minor tweak of replacing lchown() with chown() in the src/lib/sakfe-mkdir.c, it compiled and installed without any problems. However, oddness in authentication. It works once, but only once. I'm trying to use pam and have the following: auth required pam_securityserver.so auth sufficient

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant

Hi, I am trying to setup PAM for telnet on my solaris 9 box and the pam_winbind grant me access but I recieve a acount failure: Jul 4 13:29:59 clusterix1 pam_winbind[9688]: user 'patrikg' granted acces Jul 4 13:29:59 clusterix1 login[9688]: login account failure: Permission denied The values in pam.conf for winbind is: login auth required /usr/lib/security/pam_winbind.so other

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

Dear list, I'm trying to get a Thumper (Sun Fire X4500) to play nice with AD so that we can offer a nearline storage service. Since many of our users will have multiple group memberships, it's imperative that samba be able to recurse through the groups that a user is a member of to determine if they have access to a resource. What happens instead is that every user who authenticates is

openssh-unix-dev at mindrot.org kerberos at ncsa.uiuc.edu We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5 module. When a Kerberos principal has the REQUIRES_PWCHANGE (+needchange) flag set, OpenSSH+pam_krb5 will still successfully authenticate the user. Local 'su' and 'login' fail in this case which leads us to believe it's at least

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

Dear list, How do I test whether I have access to my winbind LDAP backend from my Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also running Samba 3.0.0. I know winbind works because getent and wbinfo show up my NT users and groups. I would also like to have people log into my Solaris 9 machine with their NT usernames, I have this working on Redhat already but Solaris is