Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am running the latest versions of Fedora, Samba, & vsftp. The box is a member of an Active Directory (AD) domain. I use this box as an FTP server that is accessed both internally from our Windows AD domain (using AD accounts) & by our external clients (using local user accounts) via the internet. Samba is set up correctly & authenticates AD accounts just fine. However, my external clients can no longer authenticate using local user accounts. I've tried authenticating through the LAN (to eliminate the firewall/router as a suspect), & it still doesn't work. I tried to log on to the local box with a local account, & that doesn't work either. I can, however, log on to the Fedora box using the local root account.
The problem, quite clearly based on what you've described, lies in some kind of incorrect config on the box itself. When you say local logon at the console for user accounts itself is not working... what errors do you get when you try and log in?
I remember having something like this when I was trying to set up NFS on Solaris some time back... have a feeling this is related to the Samba config... remember something about Samba needing users itself... "smbpasswd"...
I know I'm not being very helpful here... that's because I don't remember the exact things... you might want to drill down through what I said if you think that's related...
Hey, hold on... this looks helpful... you might want to try this out...
touch /var/run/console/user-name    # user-name: the user whom you want to allow local access
This is what I found as the explanation:
The gnome-session code checks for /var/run/console/<current username> to see if the current user is allowed to reboot or halt. If the file does not exist, then gnome-session does not provide the halt and reboot options. Otherwise, it does. Red Hat apparently has code that automatically adds users to /var/run/console when they log in locally, so they make the assumption that if the user logged in locally, they can shut the machine down. Not the best assumption.
So the point being PAM is controlling something here... and I have no clue about how PAM works... so maybe someone else can throw some light on what is going on here...