List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 08 April 2004 15:42, Volkov Peter Alexandrovich wrote:
> I have Samba server. I'd like to use it as WINS server and, as this
> computer is only samba server, so it's a good idea to make it local
> master browser. It's Ok with configuration of PAM, but some time after
> server was up users became to blame me for bad network browsing. I
> blame PAM.
> The first sing was during ssh login. It takes long time to connect on
> a absolutly free server! Then during system startup after starting
> last service everything hangs on >20 seconds and only after this I can
> see login invitation.
> Yesterday I rebuilded system from stage 3, and for 1 day everything
> worked very fast (as it must to work) but now again this delay doesn't
> allow users to browse in a normal way (As this computer is local
> master browser (NBT)).
> A little experiment to understand that it is really PAM. I've started
> sshd -d to see what is going on. So: file-server root # sshd -d
> debug1: sshd version OpenSSH_3.7.1p2
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> socket: Address family not supported by protocol
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: Server will not fork when running in debugging mode.
> At this point server is waiting for connections... then I'm trying to
> connect :
> Connection from 172.16.0.1 port 32781
> debug1: Client protocol version 2.0; client software version
> OpenSSH_3.7.1p2 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
> debug1: permanently_set_uid: 22/22
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user root service ssh-connection method
> none debug1: attempt 0 failures 0
> debug1: PAM: initializing for "root"
> At this point process stops on >20 seconds and then with the next
> strings of text the password promt was show to me...
> As Samba uses PAM for authentification for now I am sure that it is
> PAM that slows down the whole windows networking.
> I have 4 boxes with identical configuration (although the hardware
> differs a bit) but this happens only on one of them.
> How to speedup PAM? How can I find out more details about problem?
How is your pam authentication set up? What are the contents
of /etc/pam.d/sshd, /etc/pam.d/system-auth
If you use system-auth-winbind. Then don't use pam authentication for
samba. Also in general using standard authentication for samba is quite
insecure. It seems that the problem is caused by some kind of
Paul de Vrieze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
email@example.com mailing list