Displaying 20 results from an estimated 500 matches similar to: "pam_winbind with trusted domain"
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2014 Jan 02
2
pam_winbind fails to authenticate domain users on my debian wheezy domain member servers
Dear list members,
I am running a small active directory domain for my home network.
Everything is working as expected, except for the authentication of active
directory users on my machines running debian wheezy.
Here is my setup:
1) Active Directory Domain Controller is running on a raspberrypi
(raspbian) with samba compiled from source (v4-1-stable from git repository)
2) WIndows 7 machines
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 22 Nov 1999, Philip Brown wrote:
> [ Marc G. Fournier writes ]
> > debug("PAM_retval(open_session) about to run");
> > pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
>
> >
> > ===========================================
> >
> > so, its looking like I'm authenticated properly, but when trying to set up
> > the
2013 Nov 28
4
SSH - Winbind and Keybased Auth
Hi Team,
We have a weird issue that we are trying to understand. We have winbind set up and working successfully for user authentication with passwords via ssh. We have pam.d/system-auth-ac and password-auth-ac (symlinked) set to require membership of a group which works great via password authentication.
However, if the user has a ssh key set up, they seem to bypass the group membership
2011 Mar 24
2
Problem with pam-auth and winbind
Hi
I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
when I try logon from my console to dovecot (pop3 server):
# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2009 Mar 13
1
PAM_WINBIND problem with sambaPwdMustChange
Hi People!
I use pam_winbind for authentication in my computer workstation using
Debian Lenny 5.0, Stable Version.
I configure my user with this option "sambaPwdMustChange: 0", and I
logon in GDM without asking to change password. Who knows what can be?
I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only
pam_winbind for tests...
Client versions:
ii
2013 Dec 03
2
winbind when machine account is not allowed to read users from ad
HI,
I want to use samba winbind (3.6.18 - Ubuntu) to login to a machine
using ads. The problem I have is that the ad server (win 2008) does not
grant read access to the user list for the machine account. Only each
user can read his own entry. Due to the privacy police this behaviour
can not be changed.
How do I tell winbind to use the user account to look up the user and
not use the machine
2010 Sep 09
3
winbind authentification trouble
A Debian/Lenny-Server is connected to a PDC (using samba) and tries to
authenticate logins via pam_winbind. User mapping and everything else
needed works fine (i.e. especially getent shows all the accounts),
however remote logins of domain users fail. I have:
| gatekeeper:~# cat /etc/pam.d/common-auth
| [...]
| auth sufficient pam_unix.so nullok_secure
| auth required
2017 Nov 02
2
Domain users cannot log on locally to DC
Hi,
I have a samba 4.7.0 DC installed on a Debian Stretch machine. I
provisioned the domain with rfc2307 enabled and have set the Unix attributes
using Windows 7 RSAT/ADUC. I think I followed the WiKi pages correctly to
enable the pam_winbind module in PAM, and have allocated a gID to Domain
Users. After falling foul of the
https://bugzilla.samba.org/show_bug.cgi?id=13054 bug, entering net
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2008 Feb 22
3
Winbind 3.0.26a cannot authenticate with ActiveDirectory
I am using Ubuntu Gutsy, which comes with Winbind 3.0.26a. I am using the
same configuration that worked on Ubuntu Feisty, which uses Winbind 3.0.24.
Something changed with Winbind, apparently, to break the configuration that
was working perfectly. How can I fix my configuration to work with the new
version?
The symptoms are as follows:
wbinfo -t works
wbinfo can retrieve a list of users
wbinfo
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again.
Im running out of options..
When i look at :
https://wiki.samba.org/index.php/PAM_Offline_Authentication
You can do these last checks.
Run the : Testing offline authentication as show on the wiki.
Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it.
Check if these packages are installed.
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on.
Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector.
Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk"
Jul 3
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van
> Belle via samba
> Sent: 24 July 2018 09:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Failed to establish your Kerberos Ticket cache due time
> differences with the domain controller
>
> I did re-read the whole thread again.
>
> Im running out
2010 Jul 20
5
Record Failed Passwords
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi OpenSSH'ers,
I am emailing you to ask is it possible to record failed passwords
attempts and log them to syslog? Are there patches available for this?
Has anyone managed to do this before? Are there alternitive methods?
Many Thanks,
A
- --
Alan Neville,
Postgraduate Education Officer,
DCU Students' Union 2009/2010,
BS.c Computer
2017 Feb 21
4
Re: "virsh list" hangs
On 02/20/2017 09:10 PM, Michal Privoznik wrote:
> On 17.02.2017 17:18, Yunchih Chen wrote:
>> `virsh list` hangs on my server that hosts a bunch of VMs.
>> This might be due to the Debian upgrade I did on Feb 15, which upgrades
>> `libvirt` from 2.4.0-1 to 3.0.0-2.
>> I have tried restarting libvirtd for a few times, without luck.
>>
>> Attached below are
2008 Jan 20
1
winbind forced password change requires interactive shell
We've discovered that although Winbind supports password changes when the
account password is expired, this only works with *interactive* shells.
This is a major problem for us. Use case 1: SSH tunnels:
$ ssh user2@localhost -N -L 4711:localhost:22
user2@localhost's password:
<trying to use the tunnel>
channel 2: open failed: administratively prohibited: open failed
As you can
2003 Jan 28
1
[nsswitch/pam_winbind.po] Error 1 With Compiling 3.0
Greetings,
***Warning: New to compiling and use RPMs whenever I can :-)***
When trying to compile I get the above error. It is preceded by:
=======
.
.
.
Compiling nsswitch/pam_winbind.c with -fPIC
nsswitch/pam_winbind.c:60: parse error before `*'
nsswitch/pam_winbind.c: In function `converse':
nsswitch/pam_winbind.c:67: `pamh' undeclared (first use in this
function)