similar to: winbind offline logon

On Thu, 28 Dec 2023 18:18:22 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > Hi all! > > As a die hard slackware user and as a part of my learning pam process > I installed debian bookworm (12.4.0) in a vm and setup a domain > member server per the instructions in the wiki trying to figure out > how debian does it so I can correct some issues I have

Sent with Proton Mail secure email. On Thursday, December 28th, 2023 at 15:59, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 28 Dec 2023 18:18:22 +0000 > bd730c5053df9efb via samba samba at lists.samba.org wrote: > > > Hi all! > > > > As a die hard slackware user and as a part of my learning pam process > > I installed debian

On Thu, 28 Dec 2023 19:08:45 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > > > > > > # here are the per-package modules (the "Primary" block) > > > auth [success=2 default=ignore] pam_unix.so nullok > > > auth [success=1 default=ignore] pam_winbind.so cached_login > > > krb5_auth krb5_ccache_type=FILE

Hi. I've set up a Samba PDC on Debian, working fine with XP Clients. I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway. I used the following guide to configure my Linux client, which is an Ubuntu

On Fri, 30 Sep 2016 13:32:18 +0200 Oliver Werner <oliver.werner at kontrast.de> wrote: > the interface part is ok. eth0 has another IP as eth0:35 > > DCs show me the profiles > > unix authentication > register user session in the systemd…. > inheritable capabilities management > OLIVER WERNER > Systemadministrator > I use Devuan and I get: Kerberos

Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below: ------ smb.conf ------security = ADS workgroup = MYDOMAINrealm = MYDOMAIN.ORG log file = /var/log/samba/%m.loglog level = 6enable core files = no idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range =

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

On Thu, 8 Dec 2016 13:03:49 -0500 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 12/8/2016 12:52 PM, Rowland Penny via samba wrote: > > On Thu, 8 Dec 2016 12:27:20 -0500 > > lingpanda101 via samba <samba at lists.samba.org> wrote: > > > >> I think I have a issue with ldconfig not finding winbind. I create > >> the sym links and

On 09/01/15 17:26, Bob of Donelson Trophy wrote: > > > On 2015-01-09 10:23, Rowland Penny wrote: > >> On 09/01/15 15:47, Bob of Donelson Trophy wrote: >> >> On 2015-01-09 09:27, Rowland Penny wrote: >> >> On 09/01/15 15:00, Bob of Donelson Trophy wrote: >> On 2015-01-09 08:44, Rowland Penny wrote: W7 client "Preferred DNS server" is set

On 12/10/15 08:27, VigneshDhanraj G wrote: > Hi Rowland, > > Thanks for the help. > > Yes, Joined to the domain, ftp uses pam authentication. After > upgrading samba i found ftp pam authentication not working > > /etc/pam.d/ftp contains > > #%PAM-1.0 > auth sufficient /lib/security/pam_smbpass.so > auth sufficient /lib/security/pam_winbind.so

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

On 09/01/15 18:31, Bob of Donelson Trophy wrote: > > > On 2015-01-09 11:40, Rowland Penny wrote: > >> On 09/01/15 17:26, Bob of Donelson Trophy wrote: >> On 2015-01-09 10:23, Rowland Penny wrote: On 09/01/15 15:47, Bob of Donelson Trophy wrote: On 2015-01-09 09:27, Rowland Penny wrote: On 09/01/15 15:00, Bob of Donelson Trophy wrote: On 2015-01-09 08:44, Rowland Penny

On 09/01/15 18:56, Bob of Donelson Trophy wrote: > > > On 2015-01-09 12:45, Rowland Penny wrote: > >> On 09/01/15 18:31, Bob of Donelson Trophy wrote: >> On 2015-01-09 11:40, Rowland Penny wrote: On 09/01/15 17:26, Bob of Donelson Trophy wrote: On 2015-01-09 10:23, Rowland Penny wrote: On 09/01/15 15:47, Bob of Donelson Trophy wrote: On 2015-01-09 09:27, Rowland Penny

On Tue, 13 Dec 2016 14:57:59 -0500 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 12/12/2016 3:27 PM, lingpanda101 wrote: > > On 12/11/2016 8:59 AM, Brian Candler via samba wrote: > >> On 10/12/2016 16:25, Brian Candler wrote: > >>> I think there's plenty of emphasis now, but I think there is a > >>> part which is misleading: >

On Thu, 8 Dec 2016 13:54:17 -0500 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 12/8/2016 1:14 PM, Rowland Penny via samba wrote: > > On Thu, 8 Dec 2016 13:03:49 -0500 > > lingpanda101 via samba <samba at lists.samba.org> wrote: > > > >> On 12/8/2016 12:52 PM, Rowland Penny via samba wrote: > >>> On Thu, 8 Dec 2016 12:27:20

Thanks Louis. Results below. > Hai, > > I've reading this thread more closely. > > I suggest you try the followoing. > > Check the servers hardware clock in the bios first. > Set these within 5 min, if they are not about the same. > There no RTC in the pi; the other DC is running in a VM with RTC set to UTC. I have disabled the guest from getting the time

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

On 09/01/15 20:16, Bob of Donelson Trophy wrote: > > > On 2015-01-09 13:43, Rowland Penny wrote: > >> On 09/01/15 18:56, Bob of Donelson Trophy wrote: >> On 2015-01-09 12:45, Rowland Penny wrote: On 09/01/15 18:31, Bob of Donelson Trophy wrote: On 2015-01-09 11:40, Rowland Penny wrote: On 09/01/15 17:26, Bob of Donelson Trophy wrote: On 2015-01-09 10:23, Rowland Penny

Hi all, I'm trying to get pam_winbind to create ticket cache on login if the AD is available. Please note that this is an Ubuntu Lucid system. When trace this with wireshark it receives a TGT ticket for the user. The current solution is to use pam_krb5 before attempting winbind. That gives me a ticket cache. The main problem is that if the user enters the wrong password it does two login

Dear All, Is it possible to make any authorization (eg. checking of group membership) in case of GSSAPI authentication? Our dovecot authenticates the users against PAM and GSSAPI. In the PAM file I'm able to check if a user is a member of a selected (e.g mailreader) group. If the user is member, he can login otherwise not (see below). If the user has a valid Kerberos ticket and he