Re: [Samba] samba/PAM/winbind/ssh
On 09/12/2006 06:50 PM, Matt Herzog wrote:
> I have the winbind login working on FC5 but now logins to local accounts
> cannot authenticate. My config files are here:
>
> http://www.pigeonnier.org/nsswitch.conf
> http://www.pigeonnier.org/pam.d/
> http://www.pigeonnier.org/krb.conf
>
> Again, if I try to ssh in as a user that exists only as a local account on
> the remote host, I am rejected. User msh is -not- an AD account and only
> exists on the FC5 server province
>
> From the /var/log/secure file:
>
> Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
> Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh
> Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2
> Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh
> Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration

Well, for some reason your PAM requires that your user has a uid less than 100. I don't know why, but it doesn't look like it is related to Samba.

Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
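The reading of the log given in this reply can be reproduced mechanically: sshd's final "Access denied ... by PAM account configuration" line names only the phase, while the preceding PAM line with the same PID names the module. The following is an added example, not part of the original messages; the function names `triage` and `where_to_look` are hypothetical, and the log lines are copied from the post as they appear on this page.

```python
import re
from collections import defaultdict

# /var/log/secure lines copied as they appear in the thread (not constructed).
SECURE_LOG = """\
Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh
Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2
Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh
Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration
"""

SSHD = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")
PAM = re.compile(r"^(pam_\w+)\((\w+):(\w+)\): (.*)$")
DENIED = re.compile(r"^fatal: Access denied for user (\S+) by PAM account configuration")
USER = re.compile(r'\buser[= ]"?([\w.$-]+)')

def triage(text):
    """Group sshd lines by PID; record each PAM failure and what caused the denial."""
    sessions = defaultdict(lambda: {"user": None, "pam": [], "denied_by": None})
    for line in text.splitlines():
        m = SSHD.match(line)
        if not m:
            continue
        s, msg = sessions[int(m.group(1))], m.group(2)
        p = PAM.match(msg)
        if p:
            module, service, phase, detail = p.groups()
            s["pam"].append((service, phase, module))
            u = USER.search(detail)
            if u:
                s["user"] = u.group(1)
        elif DENIED.match(msg):
            # sshd names only the phase; the last account-phase PAM line names the module.
            acct = [e for e in s["pam"] if e[1] == "account"]
            s["denied_by"] = acct[-1] if acct else None
    return dict(sessions)

def where_to_look(session):
    """Map the denying entry to the PAM file, line type and module to inspect."""
    if not session["denied_by"]:
        return None
    service, phase, module = session["denied_by"]
    return (f"/etc/pam.d/{service}", phase, f"{module}.so")

if __name__ == "__main__":
    for pid, s in triage(SECURE_LOG).items():
        print(pid, s["user"], s["pam"], where_to_look(s))
```

The service file may pull in shared files such as /etc/pam.d/system-auth, so the `account` line for the reported module can live there rather than in the service file itself.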
Re: [Samba] samba/PAM/winbind/ssh
On Fri, Sep 15, 2006 at 11:42:12AM -0300, Felipe Augusto van de Wiel wrote:
> On 09/12/2006 06:50 PM, Matt Herzog wrote:
> > I have the winbind login working on FC5 but now logins to local accounts
> > cannot authenticate. My config files are here:
> >
> > http://www.pigeonnier.org/nsswitch.conf
> > http://www.pigeonnier.org/pam.d/
> > http://www.pigeonnier.org/krb.conf
> >
> > Again, if I try to ssh in as a user that exists only as a local account on
> > the remote host, I am rejected. User msh is -not- an AD account and only
> > exists on the FC5 server province
> >
> > From the /var/log/secure file:
> >
> > Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
> > Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh
> > Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2
> > Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh
> > Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration
>
> Well, for some reason your PAM requires that your user has a uid less than
> 100. I don't know why, but it doesn't look like it is related to Samba.
>
> Kind regards,

Thanks. My problem was solved by Red Hat's authconfig utility. I am still kicking myself for not having run it before. As it turns out, Red Hat's PAM config for winbind authentication puts the line:

    session sufficient pam_mkhomedir.so skel=/etc/skel umask=0027

in /etc/pam.d/sshd while in Debian that same line needs to be in /etc/pam.d/system-auth.

--
Announcing your plans is a good way to hear the gods' laughter.
[Samba] samba/PAM/winbind/ssh
I have the winbind login working on FC5 but now logins to local accounts cannot authenticate. My config files are here:

http://www.pigeonnier.org/nsswitch.conf
http://www.pigeonnier.org/pam.d/
http://www.pigeonnier.org/krb.conf

Again, if I try to ssh in as a user that exists only as a local account on the remote host, I am rejected. User msh is -not- an AD account and only exists on the FC5 server province

From the /var/log/secure file:

Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh
Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2
Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh
Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration

--
Announcing your plans is a good way to hear the gods' laughter.