08-01-2006, 06:45 PM
#1
LQ Newbie
Registered: Aug 2006
Posts: 3
Local authentication fails
I am running the latest versions of Fedora, Samba, & vsftp. The box is a member of an Active Directory (AD) domain. I use this box as an FTP server that is accessed both internally from our Windows AD domain (using AD accounts) & by our external clients (using local user accounts) via the internet. Samba is set up correctly & authenticates AD accounts just fine. However, my external clients can no longer authenticate using local user accounts. I've tried authenticating through the LAN (to eliminate the firewall/router as a suspect), & it still doesn't work. I tried to log on to the local box with a local account, & that doesn't work either. I can, however, log on to the Fedora box using the local root account.
The NSSWITCH.CONF contains the following:
passwd: files winbind
shadow: files winbind
group: files winbind
The VSFTPD.CONF contains the following:
anonymous_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
listen=YES
local_enable=YES
tcp_wrappers=YES
use_localtime=YES
userlist_enable=YES
write_enable=YES
xferlog_enable=YES
local_umask=077
pam_service_name=vsftpd
Anyone know what is going on or where else I should look?

08-02-2006, 02:24 AM
#2
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
The problem, quite clearly based on what you've described, lies in some kind of incorrect config on the box itself. When you say local logon at the console for user accounts itself is not working...what errors do you get when you try and log in?
I remember having something like this when I was trying to set up NFS on Solaris some time back...have a feeling this is related to the Samba config...remember something about Samba needing users itself..."smbpasswd"...
I know I'm not being very helpful here...that's because I don't remember the exact things...you might want to drill down through what I said if you think that's related...
All the best....
Arvind

08-02-2006, 02:32 AM
#3
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Hey hold on...this looks helpful...you might want to try this out...
touch /var/run/console/user-name (whom you want to allow local access)
This is what I found as the explanation:
===============
The gnome-session code checks for /var/run/console/<current username> to see if the current user is allowed to reboot or halt. If the file does not exist, then gnome-session does not provide the halt and reboot options. Otherwise, it does. Redhat apparently has code that automatically adds users to /var/run/console when they log in locally -- so they make the assumption that if the user logged in locally, they can shut the machine down. Not the best assumption.
===============================
So the point being PAM is controlling something here...and I have no clue about how PAM works...so maybe someone else can throw some light on what is going on here...

08-03-2006, 12:35 PM
#4
LQ Newbie
Registered: Aug 2006
Posts: 3
Original Poster
The only error message I get is "Login failed". Nothing more.

08-03-2006, 01:59 PM
#5
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Try the solution I recommended after that .. in the next post and see if it works...

08-04-2006, 11:34 AM
#6
LQ Newbie
Registered: Aug 2006
Posts: 3
Original Poster
Same problem.

08-04-2006, 02:54 PM
#7
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Check the permissions on your user home directories and on /etc. /etc/ should be 755 and the home directories should be owned by the respective users...not root.
Cheers
Arvind
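
The permission check suggested in post #7, written out as an added example (not part of any poster's reply): it reports whether a directory is mode 755 and lists accounts whose home directory is missing or owned by a different UID. The function names, the `MIN_UID` default of 500 (Fedora's first regular UID at the time) and the optional root prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit /etc mode and home-directory ownership.
# Function names and parameters are hypothetical, not from the thread.

# Print the symbolic mode of a path (first 10 chars of `ls -ld`,
# which drops the trailing "." or "+" shown for SELinux/ACLs).
mode_of() { ls -ldn "$1" | cut -c1-10; }

# Print the numeric owner UID of a path.
owner_of() { ls -ldn "$1" | awk '{print $3}'; }

# Return 0 if the directory is exactly mode 755, 1 otherwise.
check_etc_mode() {
    [ "$(mode_of "$1")" = "drwxr-xr-x" ]
}

# check_homes PASSWD_FILE [MIN_UID] [ROOT_PREFIX]
# Prints "user:reason" for every account with UID >= MIN_UID whose
# home directory is missing or not owned by that account's UID.
# ROOT_PREFIX lets the check run against a copy or a mounted image.
check_homes() {
    passwd_file=$1
    min_uid=${2:-500}
    root=${3:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        # Skip blank lines and comments.
        case $user in ''|\#*) continue ;; esac
        # Skip system accounts and malformed (non-numeric) UIDs.
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        dir=$root$home
        if [ ! -d "$dir" ]; then
            echo "$user:missing"
        elif [ "$(owner_of "$dir")" != "$uid" ]; then
            echo "$user:owned-by-uid-$(owner_of "$dir")"
        fi
    done < "$passwd_file"
}

# Usage on the server itself:
#   check_etc_mode /etc || echo "/etc is not 755"
#   check_homes /etc/passwd
```

Only accounts from the local passwd file are examined, which matches the failing case in this thread: winbind (AD) accounts authenticate fine and are not listed in `/etc/passwd`.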

08-04-2006, 03:03 PM
#8
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Aha I knew it was something to do with smbpasswd... see if this helps...
http://www.samba.org/samba/docs/man/...html#id2566240
"man" around on smbpasswd to check how it works...
Cheers
Arvind
All times are GMT -5. The time now is 10:50 AM.