Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I'm trying to set up a new Linux server using Fedora Core 3, with various apps like qmail, apache, etc. I'm having a problem though whenever I try to log in remotely to the linux box from WinXP as any of the local linux users. A few examples:
1) I try to configure a POP3 email client to log into the mailbox of one of my linux users, and it fails saying my password is incorrect.
2) I try to configure samba and set up a remote share (I included encrypt passwords = yes and the smbpasswd programs, just to get that out of the way), and I can see the share but can not authenticate to access it with the username / password combos I'm sending for my users.
3) I've now tried to set up an FTP server on the host, vsftpd, did an ldd vsftpd to confirm that it is linking up with PAM, put in the vsftpd.pam file into the /etc/pam.d/ path, also set local_enable=YES in the vsftpd.conf file. But whenever I send in the auth credentials it says there is an invalid password.
The fact that I'm having these password problems across all of these different apps is telling me one of two things:
1) I ain't installing them correctly for the right authentication mechanisms.
2) There's something misconfigured globally that isn't allowing me to remotely login to my linux box using the linux users from my Windows box.
If I need to follow up with the contents of any files or outputs of shell commands let me know and I'll be happy to do so (I'm just not sure what would be helpful at this point for everyone). Thanks again for the help, it is much appreciated.
Both vsftpd and Samba actually have configuration quirks, so it's likely that PAM isn't the culprit.
(I'm assuming that you've already done a connectivity test with ping and a DNS check with nslookup).
The one remote service you can always rely on to work without issue is SSH - it's installed and active by default, uses only one port (TCP 22), and by default all local users can access it. Change the firewall to allow it through. Use PuTTY and WinSCP on Windows to connect - these are free, very reliable and require no extra configuration.
(Note that the file transfer functions of SSH are similar to FTP. HTTP/WebDAV and SSH have made FTP essentially a legacy service at this point).
The quirk with vsftpd is that it will sit there and refuse to allow any access until the chroot files are there and correct - check the config file and read the chroot file option comments carefully, as it doesn't work quite the way you'd intuitively expect.
Be aware that Samba *doesn't* use PAM. Windows stores passwords in a UNIX-incompatible way, so Samba has to maintain a separate database of users. Check the "smbpasswd" man page, or better yet, the Samba Website for absolutely excellent documentation that will take you setting up any configuration you want.
Thanks hob for the reply, I will try out SSH instead. I did figure out at least the problems I was having with qmail, had nothing to do with PAM at all; further reading in the documentation told me I wasn't using the proper username format, so I have those figured out now.