I have no name prompt and no passwords recognized

Ronny Forberger ronnyforberger at ronnyforberger.de
Sun Nov 13 16:05:01 UTC 2016 

 
 

> Ronny Forberger <ronnyforberger at ronnyforberger.de> hat am 13. November 2016 um
> 11:29 geschrieben:
> 
>  Hi,
> 
>  > Alan Hicks via freebsd-security <freebsd-security at freebsd.org> hat am 13.
>  > November 2016 um 10:37 geschrieben:
>  >
>  >
>  >
>  > On 12/11/2016 17:07, Ronny Forberger wrote:
>  > > Hi,
>  > > I am using SSSD and FreeBSD to authenticate against samba4.
>  > > I used this howto setting all up:
>  > > http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>  > >
>  > > But when I want to logon using password, i.e. via dovecot I get wrong
>  > > password.
>  > > Neigher can I use sudo typing the correct samba4 password.
>  > >
>  > > Also I get a prompt [I have no name!@HOSTNAME] and my files, which I
>  > > chowned &
>  > > chgrped to the samba user and group only show IDs as owner.
>  > This means the system does not know who you are. What authentication
>  > system are you using? For example using net/nss-pam-ldap here gives the
>  > same error when ldap goes away or upgrading ports. Restarting the
>  > authentication service restores access here.
>   
>  I am using sssd but restarting sssd didn't help. Any other ideas?
> 

 

I found out, that /var/run/sss needed mode 0755.

But I still can't use passwords.

My /etc/pam.d/system looks like:

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_sss.so
auth required pam_unix.so no_warn try_first_pass nullok

# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
account required /usr/local/lib/pam_sss.so ignore_unknown_user

# session
#session optional pam_ssh.so want_agent
session required pam_lastlog.so no_fail
session optional /usr/local/lib/pam_sss.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_sss.so use_authtok
password required pam_unix.so no_warn try_first_pass

 

What am I doing wrong?

Best regards,

Ronny

>  >
>  > >
>  > > Any ideas how to solve this? Can this maybe be a permission problem with
>  > > some
>  > > file for sssd / NSS which an unprivileged user cannot read?
>  > >
>  > > Best regards,
>  > > Ronny Forberger
>  > > ___________________________________
>  > > Ronny Forberger
>  > > ronnyforberger at ronnyforberger.de
>  > > PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>  > > _______________________________________________
>  > > freebsd-security at freebsd.org mailing list
>  > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > > To unsubscribe, send any mail to
>  > > "freebsd-security-unsubscribe at freebsd.org"
>  > >
>  >
>  > Regards,
>  > Alan
>  > _______________________________________________
>  > freebsd-security at freebsd.org mailing list
>  > https://lists.freebsd.org/mailman/listinfo/freebsd-security
>  > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>  >
>  Best regards,
>  Ronny
>  ___________________________________
>  Ronny Forberger
>  ronnyforberger at ronnyforberger.de
>  PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
> 

 
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html

More information about the freebsd-security mailing list