Displaying 20 results from an estimated 9000 matches similar to: "ssh authentication with AD"
2015 Nov 04
0
ssh authentication with AD
Ok, do the following.
Remove all you modifications from pam so its back to original.
apt-get install krb5-ssh
restart ssh, try again.
Still not working?
Now try correct pam.
Type : pam-auth-update
Select kerberos winbind and unix ( and keep other defaults as is )
Type id username
You see a correct shell and correct and existing homedir?
Not, you missed the setting in windows, or set
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 11
2
ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.
>
>
2005 Aug 15
1
enforcing password compexity (check password script, cracklib)
Hello,
I would like to enforce some level of password complexity when users
change their password. I have a Samba PDC running on Debian set to sync
Unix passwords. I'm trying to get Samba to work with cracklib, but it
isn't going well.
Here is what I've tried:
Installed libpam-cracklib, compiled examples/auth/crackcheck and copied
the binary to /usr/local/sbin.
I added the
2015 May 07
2
ldap host attribute is ignored
Thanks a lot for looking over the config.
I am at the topic "user data is available"
id <username>
and
getent passwd
and
ldapsearch -x -b "ou=XXX,o=YYY" uid=<username>
give the correct results
ldapsearch gives also the correct host attribute i have set in the ldap
server.
Regarding the manpage of sssd.conf the lines
access_provider = ldap
ldap_access_order =
2015 May 08
4
ldap host attribute is ignored
>> But instead i get
>> centos: sshd[7929]: pam_unix(sshd:session): session opened for user
>> <username>
>
> "pam_unix" should be an indication that <username> appears in the local
> unix password files. Make sure that it doesn't.
Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow
>
> What do /etc/pam.d/sshd and
2001 Nov 16
4
passphrase quality
>No. ssh-keygen should never be pamifed. It is worthless to do so.
>
>If we are going to enforce passphrase quality it should be for all OSes.
>The world does not revolve around Linux. No matter what the press may
>think.
The Linux community didn't invent PAM, Sun did. Many more systems
than Linux have PAM, Solaris, HP-UX some BSDs for a start.
Having said that I agree with
2015 Oct 08
2
Changing User password from ssh member server
Hi Rowland,
This is a CentOS 6.7 server.
I was able to make some progress. I have edited /etc/pam.d/system-auth, and
now it looks like:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account
2008 Feb 20
0
samba, PAM and active directory
Hi,
I want that users can log on (SSH and console) a
Debian box can do it through Active Directory. I still
want that root user can log on (SSH and console) so I
created a wheel group for that.
I can log on successfully with all AD and root
users. However, I'd like to limit the AD users to the
technology domain group.
I've googled a lot:
2010 Feb 16
2
pam_mount
Hi all,
I am a bit confused about the usage of pam_mount.
Here is my /etc/pam.d/system-auth:
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account
2015 Oct 08
2
Changing User password from ssh member server
I have removed use_auhtok from /etc/pam.d/system-auth and now passwd is
"kind of" working...
I am still able to login with my old password and the new one also. But
only on the linux servers that are authenticating through LDAP.
On my workstation only the old password (the one I was trying to change
through passwd(ssh)) works.
I have noticed that my user now has a userPassword
2014 Oct 29
1
samba ssh change password Error was: Wrong password
passwd: Authentication token manipulation error
smbpasswd: machine 127.0.0.1 rejected the password change: Error was :
Wrong Password
best regards
[FACILITY/btombul at samba ~]$ passwd
Changing password for user FACILITY/btombul.
Changing password for FACILITY/btombul
(current) NT password:
New password:
Retype new password:
passwd: Authentication token manipulation error
[FACILITY/btombul at
2008 Jun 03
3
getent not listing ADS users ctdb samba
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've
previously installed a similar configuration on RHEL4, but CentOS now
uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations
are a little different.
Currently, local users and groups are showing up but not LDAP users.
When I do a /getent passwd/ and/getent group/ I don't get LDAP users.
When I do
2010 Sep 14
1
cron breaking when enabling ldap
Hi
When I enable a box to do authentication using LDAP it breaks cron for users like jboss.
I get the following in /var/log/secure
Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron'
I have the following in /etc/ldap.conf
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss
2006 Dec 06
3
Winbind do not maintains mappings between UIDs, GIDs and SIDs
Hello,
I?m trying to use winbind to allow my AD users to logon to our linux
computers.
I?m using FC6 and Samba 3.0.23c-2.
I have several problems:
1. When I start linux machine and immediately ofter logging in I try to
check trust secret by running wbinfo -t
I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
2008 Feb 15
2
PAM libraries not found
When I add the --with-pam option in my configure command I get the
following error:
checking for pam_start in -lpam... no
configure: error: Can't build with PAM support: libpam not found
PAM is most certainly installed on the machine:
ii libpam-modules 0.79-5
Pluggable Authentication Modules for PAM
ii libpam-runtime 0.79-5
Runtime support
2012 May 31
1
Tangential Issue: idmap backend = ad and Active Directory 2008R2
Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this?
Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in
2011 Jun 09
1
pam_succeed_if
Hi,
The default system-auth file for PAM on CentOS has the following auth
section:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
What's the use of the pam_succeed_if line? It will only be reached if
the pam_unix doesn't succeed and from
2017 Oct 30
4
winbind rfc2307 not being obeyed
maybe it'll work when f27 comes out in a few days I'll wait for it.
On Mon, Oct 30, 2017 at 3:05 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> for this machine it was unimportant. I will just use local accounts to
> login it is only one user
> I did remove sssd and went back to my original smb.conf but it still shows
>
> [root at squints ~]# getent passwd