Re: [ossig] single sign-on, SSH, VSFTP trouble
- To: MNCC Ossig <ossig@xxxxxxxxxxx>
- Subject: Re: [ossig] single sign-on, SSH, VSFTP trouble
- From: "Nicholas A. Suppiah" <nicholas@xxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 19:06:04 +0800
- Organization: APIIT
- Reply-To: ossig@xxxxxxxxxxx
- Sender: owner-ossig@xxxxxxxxxxx
Thank you all for your ideas.
I managed to get vsftpd working and authenticated users via the win2k3
ADS and local user. Harisfazillah, you managed to spark the idea.
Just to share the solution.
Replace /etc/pam.d/vsftpd as follows:
=== begin vsftpd ===
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_unix.so
password required pam_unix.so
session required pam_stack.so service=system-auth
=== end vsftpd ===
I made many changes but resolved that the above is the main solution on
an FC2 with SELinux turned on. Apart from that, it is the firewall
settings. So I suggest trying to get vsftp working without the firewall
first. Read /var/log/messages at each login attempt.
Another thing is to make sure that the krb5 tickets are valid with the
command kinit -5. Worst case is a user not having a valid ticket.
A problem I could not resolve is shown in /var/log/messages, and if
anyone can tell me what the solution is, it would be appreciated. It
occurred when someone tried to ftp remotely.
nss_ldap: reconnecting to LDAP server...
nss_ldap: could not search LDAP server - Operations error
Nicholas
On Thu, 2005-11-24 at 15:54, Harisfazillah Jamel wrote:
> OK,
>
> I remember this problem has something to do with PAM.d
>
> Mine is using Suse Linux 9.1 that used pam_unix2.so for login
> This is inside /etc/security/pam_unix2.conf
>
> auth: call_modules=winbind use_ldap
> account: call_modules=winbind use_ldap
> password: call_modules=winbind use_ldap
> session: none
> call_modules=winbind,ldap
>
> I hope you get the idea.
>
>
>
> On 11/18/05, Nicholas A. Suppiah <nicholas@apiit.edu.my> wrote:
> Yes,
>
> it should show the ADS users list but I keep getting the local passwd
> list. Kerberos is using krb5 1.3.6 packages.
>
> I have run the kinit linuxuser@my.domain.com and it validates the
> password without problems.
>
> Users can access my shares with their own login authenticated from ADS.
>
> So, I am still missing something in this puzzle. Will keep looking.
>
> --
> http://linuxdotmy.multiply.com/
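
Added example, not part of the original thread: a small Python lint for a PAM service file such as the /etc/pam.d/vsftpd shown above. It catches a rule that was split across lines when copied from mail, and a pam_listfile deny list that fails open. The finding names and the sample strings are constructed for this example.

```python
PAM_TYPES = {"auth", "account", "password", "session"}
# Constructed input: the stack from the post, with the pam_listfile rule still
# split over two lines the way the mail archive wrapped it.
WRAPPED = """\
auth required pam_listfile.so item=user sense=deny
file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_unix.so
password required pam_unix.so
session required pam_stack.so service=system-auth
"""
JOINED = WRAPPED.replace("sense=deny\nfile=", "sense=deny file=")  # rule on one line

def logical_lines(text):
    """Yield (first_line_no, text), honouring PAM's backslash continuation."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        yield start, buf
        buf, start = "", 0

def lint(text):
    """Return [(line_no, finding)]; the finding names are this example's own."""
    findings = []
    for n, line in logical_lines(text):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0].lstrip("-") not in PAM_TYPES:
            findings.append((n, "bad-type"))  # wrapped rule or typo
            continue
        rest = fields[1:]
        if rest and rest[0].startswith("["):  # bracketed control: [a=b c=d]
            while rest and not rest[0].endswith("]"):
                rest.pop(0)
        module = rest[1] if len(rest) > 1 else ""
        if not module.endswith("pam_listfile.so"):
            continue
        opts = dict(a.split("=", 1) for a in rest[2:] if "=" in a)
        if "file" not in opts:
            findings.append((n, "listfile-no-file"))
        # onerr=succeed: an unreadable list file returns success, deny list is skipped
        elif opts.get("sense") == "deny" and opts.get("onerr") == "succeed":
            findings.append((n, "listfile-fail-open"))
    return findings
```

Calling `lint(open("/etc/pam.d/vsftpd").read())` on a live system returns an empty list when neither condition is present.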