Re: F16, FTP-servers, sssd and LDAP-backend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 15. nov. 2011 14:44, Stephen Gallagher wrote:

>
> It should be working with *just* PAMAuthentication. Can you check to see
> if /var/log/secure is showing any errors during login?
>
> Also, please attach your /etc/pam.d/pure-ftpd
> and /etc/pam.d/password-auth files so we can see if they're
> misconfigured.
>

Thanks (again) for helping out.

The server is a completely fresh install of F16, so no config-files 
should be left from old installations.

Auth is set up with authconfig.

I do get an error from pam_unix when the user tries to log in - but I 
get that for all services:

pure-ftp:

Nov 14 14:01:22 poseidon pure-ftpd: pam_unix(pure-ftpd:auth): 
authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=olen 
rhost=  user=olen
Nov 14 14:01:23 poseidon pure-ftpd: pam_sss(pure-ftpd:auth): 
authentication success; logname= uid=0 euid=0 tty=pure-ftpd ruser=olen 
rhost= user=olen

I get the same with dovecot:

Nov 15 15:10:20 poseidon auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser=olen rhost=::1  user=olen
Nov 15 15:10:21 poseidon auth: pam_sss(dovecot:auth): authentication 
success; logname= uid=0 euid=0 tty=dovecot ruser=olen rhost=::1 user=olen


/etc/pam.d/pure-ftpd
#%PAM-1.0

# Sample PAM configuration file for Pure-FTPd.
# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf

auth       required     pam_listfile.so item=user sense=deny 
file=/etc/ftpusers onerr=succeed
auth       include      password-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so

account    include      password-auth

password   include      password-auth

session    required     pam_loginuid.so
session    include      password-auth



/etc/pam.d/password-auth is a symlink to password-auth-ac


/etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok 
try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in 
crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so



/Ola (T)



-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux