Re: [ossig] single sign-on, SSH, VSFTP trouble
- To: MNCC Ossig <ossig@xxxxxxxxxxx>
- Subject: Re: [ossig] single sign-on, SSH, VSFTP trouble
- From: "Nicholas A. Suppiah" <nicholas@xxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 19:06:04 +0800
- In-Reply-To: <email@example.com>
- Organization: APIIT
- References: <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com>
- Reply-To: ossig@xxxxxxxxxxx
- Sender: owner-ossig@xxxxxxxxxxx
Thank you all for your ideas,
I managed to get vsftpd working and authenticated users via the win2k3
ADS and local user. Harisfazillah, you managed to spark the idea.
Just to share the solution.
Replace /etc/pam.d/vsftpd as follows:
=== begin vsftpd ===
auth required pam_listfile.so item=user sense=deny
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_unix.so
password required pam_unix.so
session required pam_stack.so service=system-auth
=== end vsftpd ===
I made many changes but resolved that the above is the main solution on
a FC2 with SELINUX turned on. Apart from that it is the firewall
settings. So I suggest trying to get vsftp working without firewall
first. Read the /var/log/messages at each login attempt.
Another thing is to make sure that the krb5 tickets are valid with the
command kinit -5. Worst case is a user not having a valid ticket.
A problem I could not resolve is shown in the /var/log/messages and if
anyone can tell me what the solution is, it is appreciated. It occurred
when someone tried to ftp remotely.
nss_ldap: reconnecting to LDAP server...
nss_ldap: could not search LDAP server - Operations error
On Thu, 2005-11-24 at 15:54, Harisfazillah Jamel wrote:
> I remember this problem; it has something to do with the PAM.d
> Mine is using Suse Linux 9.1 that used pam_unix2.so for login.
> This is inside /etc/security/pam_unix2.conf
> auth: call_modules=winbind use_ldap
> account: call_modules=winbind use_ldap
> password: call_modules=winbind use_ldap
> session: none
> I hope you get the idea.
> On 11/18/05, Nicholas A. Suppiah <firstname.lastname@example.org> wrote:
> it should show the ADS users list but I keep getting the local
> list. Kerberos is using krb5 1.3.6 packages.
> I have run the kinit email@example.com and it validates
> password without problems.
> Users can access my shares with their own login authenticated
> from ADS.
> So, I am still missing something in this puzzle. Will keep
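A static check of the stack posted above, added here as an example and not part of the original message: it parses the six rules from /etc/pam.d/vsftpd and reports which PAM phases never call the shared system-auth stack, and whether pam_listfile.so carries the arguments its man page synopsis shows as mandatory. The function names, and the assumption that system-auth is where the winbind/Kerberos modules are configured, are the example's own; the message does not show that file.

```python
import re

# Stack as posted in the message above, embedded so the check runs offline.
POSTED = """\
auth required pam_listfile.so item=user sense=deny
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_unix.so
password required pam_unix.so
session required pam_stack.so service=system-auth
"""

# type, control (plain word or [bracketed] form), module, remaining args
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
PHASES = ("auth", "account", "password", "session")
# Arguments the pam_listfile(8) synopsis shows without optional brackets.
LISTFILE_REQUIRED = ("item", "sense", "file")

def parse_stack(text):
    """Return [(type, control, module, {arg: value})] for each rule line."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) in PHASES:
            opts = dict((a.split("=", 1) + [""])[:2] for a in m.group(4).split())
            rules.append((m.group(1), m.group(2), m.group(3), opts))
    return rules

def audit(text, delegate="pam_stack.so"):
    """List phases that never reach the shared stack, and incomplete rules."""
    rules = parse_stack(text)
    findings = []
    for phase in PHASES:
        mods = [mod for typ, _, mod, _ in rules if typ == phase]
        if not mods:
            findings.append(f"{phase}: no rules")
        elif delegate not in mods:
            findings.append(f"{phase}: only {', '.join(mods)}; {delegate} not called")
    for typ, _, mod, opts in rules:
        if mod == "pam_listfile.so":
            missing = [k for k in LISTFILE_REQUIRED if k not in opts]
            if missing:
                findings.append(f"{typ}: pam_listfile.so lacks {', '.join(missing)}=")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

On the posted stack this reports that the account and password phases consult only pam_unix.so, and that the pam_listfile.so rule has no file= argument.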