LinuxQuestions.org
Old 08-01-2006, 05:45 PM   #1
lshoemak
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Rep: Reputation: 0
Local authentication fails


I am running the latest versions of Fedora, Samba, & vsftp. The box is a member of an Active Directory (AD) domain. I use this box as an FTP server that is accessed both internally from our Windows AD domain (using AD accounts) & by our external clients (using local user accounts) via the internet. Samba is set up correctly & authenticates AD accounts just fine. However, my external clients can no longer authenticate using local user accounts. I've tried authenticating through the LAN (to eliminate the firewall/router as a suspect), & it still doesn't work. I tried to log on to the local box with a local account, & that doesn't work either. I can, however, log on to the Fedora box using the local root account.

The NSSWITCH.CONF contains the following:

passwd: files winbind
shadow: files winbind
group: files winbind

The VSFTPD.CONF contains the following:

anonymous_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
listen=YES
local_enable=YES
tcp_wrappers=YES
use_localtime=YES
userlist_enable=YES
write_enable=YES
xferlog_enable=YES
local_umask=077
pam_service_name=vsftpd

Anyone know what is going on or where else I should look?
 
Old 08-02-2006, 01:24 AM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
The problem, quite clearly, based on what you've described, lies in some kind of incorrect config on the box itself. When you say local logon at the console for user accounts itself is not working... what errors do you get when you try to log in?

I remember having something like this when I was trying to set up NFS on Solaris some time back... have a feeling this is related to the Samba config... remember something about Samba needing users itself... "smbpasswd"...

I know I'm not being very helpful here... that's because I don't remember the exact things... you might want to drill down through what I said if you think that's related...

All the best....
Arvind
 
Old 08-02-2006, 01:32 AM   #3
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey, hold on... this looks helpful... you might want to try this out...

touch /var/run/console/<user-name>    # <user-name>: the user whom you want to allow local access

This is what I found as the explanation:

===============
The gnome-session code checks for /var/run/console/<current username> to see if the current user is allowed to reboot or halt. If the file does not exist, then gnome-session does not provide the halt and reboot options. Otherwise, it does. Redhat apparently has code that automatically adds users to /var/run/console when they log in locally, so they make the assumption that if the user logged in locally, they can shut the machine down. Not the best assumption.
===============================

So the point being PAM is controlling something here... and I have no clue about how PAM works... so maybe someone else can throw some light on what is going on here...
 
Old 08-03-2006, 11:35 AM   #4
lshoemak
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Original Poster
Rep: Reputation: 0
The only error message I get is "Login failed". Nothing more.
 
Old 08-03-2006, 12:59 PM   #5
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Try the solution I recommended after that .. in the next post and see if it works...
 
Old 08-04-2006, 10:34 AM   #6
lshoemak
LQ Newbie
 
Registered: Aug 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Same problem.
 
Old 08-04-2006, 01:54 PM   #7
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Check the permissions on your user home directories and on /etc. /etc should be 755 and the home directories should be owned by the respective users... not root.

Cheers
Arvind
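
The permission check suggested in the post above, written out as an added example that is not part of the original thread: it walks a passwd file and reports home directories that are missing or not owned by their account, and checks that a directory such as /etc is mode 755. The function names, the UID cutoff argument and the output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the UID cutoff and
# the output format are assumptions made for this illustration.

# Print the numeric owner UID of a path (GNU stat first, BSD stat as fallback).
owner_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Print the octal permission bits of a path, e.g. 755.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_etc_mode DIR: report whether DIR is mode 755; returns 1 if it is not.
check_etc_mode() {
    m=$(mode_of "$1") || return 2
    if [ "$m" = "755" ]; then
        echo "OK $1 mode $m"
    else
        echo "BAD $1 mode $m (expected 755)"
        return 1
    fi
}

# check_homes PASSWD_FILE MIN_UID [ROOT_PREFIX]
# For every account in PASSWD_FILE with UID >= MIN_UID, report a missing
# home directory or one whose owner differs from the account's UID.
# Prints one line per problem and returns 1 if any were found.
check_homes() {
    passwd_file=$1 min_uid=$2 prefix=${3:-}
    bad=0
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $name in ''|'#'*) continue ;; esac      # skip blanks and comments
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed UIDs
        [ "$uid" -ge "$min_uid" ] || continue        # skip system accounts
        dir=$prefix$home
        if [ ! -d "$dir" ]; then
            echo "MISSING $name $home"; bad=1
        elif [ "$(owner_uid "$dir")" != "$uid" ]; then
            echo "OWNER $name $home owned by uid $(owner_uid "$dir"), expected $uid"
            bad=1
        fi
    done < "$passwd_file"
    return $bad
}

# Typical run on the server itself (500 is assumed here as the first
# regular UID; use the UID_MIN from your /etc/login.defs):
#   check_etc_mode /etc; check_homes /etc/passwd 500
```

Only /etc/passwd is read, so accounts supplied by winbind are not covered; the check applies to the local accounts the thread is about.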
 
Old 08-04-2006, 02:03 PM   #8
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Aha I knew it was something to do with smbpasswd... see if this helps...

http://www.samba.org/samba/docs/man/...html#id2566240

"man" around on smbpasswd to check how it works...

Cheers
Arvind
 
All times are GMT -5.