I have no name prompt and no passwords recognized
Ronny Forberger
ronnyforberger at ronnyforberger.de
Sun Nov 13 16:05:01 UTC 2016
> Ronny Forberger <ronnyforberger at ronnyforberger.de> hat am 13. November 2016 um
> 11:29 geschrieben:
>
> Hi,
>
> > Alan Hicks via freebsd-security <freebsd-security at freebsd.org> hat am 13.
> > November 2016 um 10:37 geschrieben:
> >
> >
> >
> > On 12/11/2016 17:07, Ronny Forberger wrote:
> > > Hi,
> > > I am using SSSD and FreeBSD to authenticate against samba4.
> > > I used this howto setting all up:
> > > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
> > >
> > > But when I want to logon using password, i.e. via dovecot I get wrong
> > > password.
> > > Neigher can I use sudo typing the correct samba4 password.
> > >
> > > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
> > > chowned &
> > > chgrped to the samba user and group only show IDs as owner.
> > This means the system does not know who you are. What authentication
> > system are you using? For example using net/nss-pam-ldap here gives the
> > same error when ldap goes away or upgrading ports. Restarting the
> > authentication service restores access here.
>
> I am using sssd but restarting sssd didn't help. Any other ideas?
>
I found out, that /var/run/sss needed mode 0755.
But I still can't use passwords.
My /etc/pam.d/system looks like:
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user
# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass
What am I doing wrong?
Best regards,
Ronny
> >
> > >
> > > Any ideas how to solve this? Can this maybe be a permission problem with
> > > some
> > > file for sssd / NSS which an unprivileged user cannot read?
> > >
> > > Best regards,
> > > Ronny Forberger
> > > ___________________________________
> > > Ronny Forberger
> > > ronnyforberger at ronnyforberger.de
> > > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> > > _______________________________________________
> > > freebsd-security at freebsd.org mailing list
> > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > To unsubscribe, send any mail to
> > > "freebsd-security-unsubscribe at freebsd.org"
> > >
> >
> > Regards,
> > Alan
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> >
> Best regards,
> Ronny
> ___________________________________
> Ronny Forberger
> ronnyforberger at ronnyforberger.de
> PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
More information about the freebsd-security
mailing list