Web lists-archives.com

Re: [Samba] winbind rfc2307 not being obeyed




In centos I had to do the following

centos

  GNU nano 2.0.9
File: /etc/pam.d/system-auth-ac

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so

  GNU nano 2.0.9
File: /etc/pam.d/password-auth-ac

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so

On Mon, Oct 30, 2017 at 3:06 PM, Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
> maybe it'll work when f27 comes out in a few days I'll wait for it.
>
>
> On Mon, Oct 30, 2017 at 3:05 PM, Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>> for this machine it was unimportant. I will just use local accounts to
>> login it is only one user
>> I did remove sssd and went back to my original smb.conf but it still shows
>>
>> [root@squints ~]# getent passwd jsadowski
>> jsadowski:*:11490:8513::/home/MIND/jsadowski:/bin/false
>>
>> I restarted winbind.
>>
>> On Mon, Oct 30, 2017 at 12:30 PM, Rowland Penny via samba
>> <samba@xxxxxxxxxxxxxxx> wrote:
>>> On Mon, 30 Oct 2017 12:22:54 -0600
>>> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>>>
>>>> No, fedora is action strange. it isn't getting the  loginShell and
>>>> unixHomeDirectory attributes even if I take out the templates. also it
>>>> sets a bunch of other files up and I'm not sure what all it is doing.
>>>>
>>>
>>> Forget it is Fedora, do not use their tools and set up the individual
>>> files and most importantly, remove sssd
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba