Displaying 20 results from an estimated 600 matches similar to: "pam_winbind: user needs new password"
2006 Aug 01
2
[HELP] Samba 3.0.23a pam_winbind says password expired
hi,
i just do some tests with a fresh compiled samba 3.0.23a.
trying to authenticate against PAM with pam_winbind gives:
Aug 1 09:59:21 humevo36 pam_winbind[27853]: pam_winbind:
pam_sm_authenticate (flags: 0x0000)
Aug 1 09:59:23 humevo36 pam_winbind[27853]: Verify user `gasch'
Aug 1 09:59:23 humevo36 pam_winbind[27853]: enabling cached login flag
Aug 1 09:59:23 humevo36
2006 Aug 15
3
pam_winbind says I need new password
Hello all,
I have a pretty large DC and am using winbind for our linux workstations and
im having a preculiar issue. Not all accounts but some...including mine are
recieving the pam error to change password.
example...
...
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user msellers.
Changing password for msellers
(current) NT
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated.
The PAM standard insists on password aging being done after account
authorization, which comes after user authentication. Kerberos can't
authenticate users whose passwords are expired.
So PAM_KRB5 implementations tend to return PAM_SUCCESS from
pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt()
to return PAM_NEW_AUTHTOK_REQD, as
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
openssh-unix-dev at mindrot.org
kerberos at ncsa.uiuc.edu
We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5
module. When a Kerberos principal has the REQUIRES_PWCHANGE
(+needchange) flag set, OpenSSH+pam_krb5 will still successfully
authenticate the user. Local 'su' and 'login' fail in this case which
leads us to believe it's at least
2003 Jul 18
1
pam_winbind.so
Hi all,
I am having a problem with pam_winbind.so. Is there
any documentation that tells exactly what each module
with pam_winbind.so does? In other words, what does
the auth section do, what does the account section
do??? When I try to authenticate, the auth section in
login pam seems to pass successfully, but the account
section seems to fail. Here is my login module
auth required
2005 Jun 15
1
unable to build pam_winbind on Solaris 9
Greetings,
Still trying to get Samba 3.0.15pre2 built on a Solaris 9 box with PAM
support. I am using gcc 3.3.2 and I have openldap-2.2.24, krb5-1.4, and
Cyrus SASL 2.1.20 installed.
I have found other posting by people with problems building on Solaris
as well as asking about the "_pam_macros.h" file that seems to be
missing on Solaris. Posting about problems, but not with
2007 Jan 08
0
pam_winbind + password never expires [re-post]
Sorry for the repost, but I've not gotten any response and the problem
persists. Does anyone have any idea how to fix?
===================================
I read a few posts in the archives about this problem and that it was to
be fixed in 3.0.23c. Currently I'm running 3.0.23d-2+b1 on a debian
system and am getting the following:
$ ssh -l testuser fileserver
Password:
Your password
2007 Jan 04
0
pam_winbind + password never expires
I read a few posts in the archives about this problem and that it was to
be fixed in 3.0.23c. Currently I'm running 3.0.23d-2+b1 on a debian
system and am getting the following:
$ ssh -l testuser fileserver
Password:
Your password has expired
Here's what auth.log shows:
Jan 4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser' OK
Jan 4 11:46:26 tmcsamba1
2001 Oct 25
6
Regarding PAM_TTY_KLUDGE and Solaris 8...
>Okay, this appears to be a problem with pam_unix.so - the code in
>pam_sm_open_session is written with the assumption that the tty name is of
>the form "/dev/" + something else on the end. I'm not sure why the
pam_sm_open_session in pam_unix on Solaris now does this:
/* report error if ttyn or rhost are not set */
if ((ttyn == NULL) || (rhost == NULL))
2006 May 26
4
Samba 3.0.20, pam_winbind broken?
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20060525/a6a8d41f/signature.bin
2009 Jun 24
0
winbind authentication mystery
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However, when I try to log in via gdm, ssh, or even su, I do not
2009 Dec 31
0
winbind authentication mystery
Hi Chris,
Were you able to solve this.
Regards,
David.
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However,
2006 May 03
8
[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2002 Oct 16
2
SSH Bug 3.5p1 Expired Passwords
Hello
in the new Openssh 3.5p1 is the sam Bug as in the 3.4p1 :-(
When a User try to login with a expired Passwort, SSH denys the Acces to the System
fbeckman at zvadmxz:/home/fbeckman # ssh -v fbeckman at xy
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
2000 May 25
2
grace logins on solaris
We just started using NDS for Solaris to authenticate users on our SOlaris
2.6 boxes. Works great with OpenSSH except for one thing. When a user's
password is expired, sshd won't allow them access, while telnetd reports
the number of grace logins left, and asks to change the user's password.
Seems to be an interaction with the PAM account module, but I'm not
familiar enough
2010 Oct 27
3
Samba 3.5.6, Solaris 10, pam_winbind.so will not link
Greetings,
Still no progress trying to get Samba 3.5.6 built on Solaris 10, using
gcc 3.4.6.
Maybe fresh eyes will see something? Been having issues building samba
since 3.4.9 (and anything greater than 3.2.15 on Solaris 9 where samba
will build, but winbind will not work properly for user authentication.)
techops$ make
Using CFLAGS = -I/opt/local/kerberos5/include -O -I.
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2008 Jan 20
1
winbind forced password change requires interactive shell
We've discovered that although Winbind supports password changes when the
account password is expired, this only works with *interactive* shells.
This is a major problem for us. Use case 1: SSH tunnels:
$ ssh user2@localhost -N -L 4711:localhost:22
user2@localhost's password:
<trying to use the tunnel>
channel 2: open failed: administratively prohibited: open failed
As you can
2006 Feb 01
0
SAMBA 3.0.21b expired password issue for Solaris 9 - perhaps a bug in winbind or /etc/pam.conf misconfigure
All,
The SAMBA version 3.0.21b expired password pam_winbind.so section
perhaps might still have an issue. It seems to just be in some kind of
loop and
never completes the section in pam_winbind.c of pam_sm_chauthtok.
See ssh (Solaris 4.2.p1 ssh) sequence below:
ssh hermione
Password:
Changing password for leeraym
(current) NT password:
Re-enter new Password:
Password:
Password:
2003 Jan 28
1
[nsswitch/pam_winbind.po] Error 1 With Compiling 3.0
Greetings,
***Warning: New to compiling and use RPMs whenever I can :-)***
When trying to compile I get the above error. It is preceded by:
=======
.
.
.
Compiling nsswitch/pam_winbind.c with -fPIC
nsswitch/pam_winbind.c:60: parse error before `*'
nsswitch/pam_winbind.c: In function `converse':
nsswitch/pam_winbind.c:67: `pamh' undeclared (first use in this
function)