Displaying 20 results from an estimated 1000 matches similar to: "GSSAPI vs group check"
2018 Jun 08
0
GSSAPI vs group check
Dear All,
We are having a very similar issue with dovecot 2.2.34 as ?kos. We want
our users to authenticate via GSSAPI over Kerberos using their TGT.
Our setup is two distinct locations with their own dovecot's with access
to these being handled via LDAP auth mechanism with filters to check for
their group memberships, i.e. users from location A are in group A and
users from location B
2006 Sep 22
1
ssh login through AD solution
Thanks to Anthony Ciarochi at Centeris for this solution.
I have a Centos (Red Hat-based) server that is now accessible to AD users
AND local users via ssh. I can control which AD groups can login using the
syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite
different than Debian's "include" based pam.d,
cat /etc/pam.d/sshd
#
2012 May 31
1
Tangential Issue: idmap backend = ad and Active Directory 2008R2
Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this?
Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in
2012 Feb 20
1
A couple of quick questions
Hi, Everybody,
I have a couple of quick questions that I'm having a little of
difficulty with. I'm guessing these will be pretty easy to answer.
The first is;
1) Is it possible to deterministically set the domain name that will
be used when the "winbind use default domain = Yes" option is
configured in /etc/samba/smb.conf? I want to set a default domain,
however I do not
2013 Jan 24
3
require_membership_of is ignored
I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user.
The problem is, I can log on as any AD user.
require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in.
I've put this option in both
2008 Feb 20
0
samba, PAM and active directory
Hi,
I want that users can log on (SSH and console) a
Debian box can do it through Active Directory. I still
want that root user can log on (SSH and console) so I
created a wheel group for that.
I can log on successfully with all AD and root
users. However, I'd like to limit the AD users to the
technology domain group.
I've googled a lot:
2024 Jun 12
2
use of ‘idmap_ldb:use rfc2307 = yes’ in DCs
On Wed, 12 Jun 2024 09:00:47 +0200
Christian Naumer via samba <samba at lists.samba.org> wrote:
> Am 11.06.24 um 19:37 schrieb Luis Peromarta via samba:
> > Correct, and I have done so and explained extensively at the
> > beginning to this thread.
> >
> > Question is:
> >
> > Should we stop telling people to provision with idmap_ldb:use
> >
2009 Sep 16
1
locking down ssh when using winbind
Hi all,
I'm using samba with winbind which has been integrated with Active
Directory.
In the smb.conf file, I have
template shell = /bin/bash
winbind use default domain = yes
to allow ssh but I don't want all the domain users to be able to ssh.
Is there a way to only allow for example) domain\ssh_group which is an
active directory group to be able to ssh into the server?
This is my
2011 Apr 29
1
Can somebody explay the here down message lines from server Centos 5.6
**Unmatched Entries**
gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user
gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user
gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user
9 gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about
user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving
2011 Sep 09
2
Attacking Dovecot
Hello,
I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5
and the following configuration:
# 1.0.7: /etc/dovecot.conf
protocols: pop3
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
2012 May 29
4
idmap backend = ad and Active Directory 2008R2
Hello All,
I'm trying to set up linux ssh/shell authentication on a CentOS_6.2 server
running smbd version 3.5.10-114 using winbind/smb/pam. We've done this
successfully using the tdb backend but wanted users to get the same UID/GID
on every machine. Switched to rid for the backend but users still got a
foreign number for UID and their default group was always Domain Users. So
I'm
2013 Jun 19
1
"The account is not authorized to login from this station"
Good Day,
I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows :
* Windows 2008 RC2
* RHEL 5.9
* Windows 7
* Windows XP SP3
* Samba 3.0.33-3.39.el5_8
All machines, including the RHEL Server having been added to the Domain running on the Windows 2008 RC2 Server.
As per the subject, when trying to connect, from XP or Win 7, to the shares I
2015 May 11
2
ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.
>
>
2020 Sep 11
4
Winbind offline cache and strangeness...
I've setup a portable system (ubuntu 16.04) joined to my AD domain,
that in their primary network works as expected.
But in this 'COVID time', the portable start to roam around, and users
say me that, suddenly after some days of use, get incredibly
sloooowww... after that users reboot, and cannot get back in, login
refused.
I've setup a VPN, but clearly if users cannot login
2015 May 08
4
ldap host attribute is ignored
>> But instead i get
>> centos: sshd[7929]: pam_unix(sshd:session): session opened for user
>> <username>
>
> "pam_unix" should be an indication that <username> appears in the local
> unix password files. Make sure that it doesn't.
Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow
>
> What do /etc/pam.d/sshd and
2015 Oct 08
2
Changing User password from ssh member server
Hi Rowland,
This is a CentOS 6.7 server.
I was able to make some progress. I have edited /etc/pam.d/system-auth, and
now it looks like:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account
2010 Feb 16
2
pam_mount
Hi all,
I am a bit confused about the usage of pam_mount.
Here is my /etc/pam.d/system-auth:
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account
2011 Sep 19
6
64.31.19.48 attempt to break into my computer
>From my secure log:
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
Sep 19 01:16:45 lin12
2014 Oct 29
1
samba ssh change password Error was: Wrong password
passwd: Authentication token manipulation error
smbpasswd: machine 127.0.0.1 rejected the password change: Error was :
Wrong Password
best regards
[FACILITY/btombul at samba ~]$ passwd
Changing password for user FACILITY/btombul.
Changing password for FACILITY/btombul
(current) NT password:
New password:
Retype new password:
passwd: Authentication token manipulation error
[FACILITY/btombul at
2011 Jun 09
1
pam_succeed_if
Hi,
The default system-auth file for PAM on CentOS has the following auth
section:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
What's the use of the pam_succeed_if line? It will only be reached if
the pam_unix doesn't succeed and from