List Archive: gentoo-security
On Thu, 8 Apr 2004 15:57:03 +0200
Paul de Vrieze <pauldv@g.o> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 08 April 2004 15:42, Volkov Peter Alexandrovich wrote:
> > Hi.
> >
> > I have Samba server. I'd like to use it as WINS server and, as this
> > computer is only samba server, so it's a good idea to make it local
> > master browser. It's Ok with configuration of PAM, but some time after
> > server was up users began to blame me for bad network browsing. I
> > blame PAM.
> >
> > The first sign was during ssh login. It takes long time to connect on
> > an absolutely free server! Then during system startup after starting
> > last service everything hangs on >20 seconds and only after this I can
> > see login invitation.
> >
> > Yesterday I rebuilt system from stage 3, and for 1 day everything
> > worked very fast (as it must to work) but now again this delay doesn't
> > allow users to browse in a normal way (As this computer is local
> > master browser (NBT)).
> >
> > A little experiment to understand that it is really PAM. I've started
> > sshd -d to see what is going on. So: file-server root # sshd -d
> > As Samba uses PAM for authentication for now I am sure that it is
> > PAM that slows down the whole windows networking.
>
> How is your pam authentication set up? What are the contents
> of /etc/pam.d/sshd, /etc/pam.d/system-auth
> and /etc/pam.d/system-auth-winbind
I did not change the contents of these files. But to be sure here it is:
file-server etc # cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_shells.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
file-server etc # cat /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
file-server etc # cat /etc/pam.d/system-auth-winbind
#%PAM-1.0
# $Header: /home/cvsroot/gentoo-x86/net-fs/samba/files/system-auth-winbind,v 1.1 2002/05/06 19:57:08 woodchip Exp $
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
> If you use system-auth-winbind, then don't use pam authentication for
> samba.
I don't know what system-auth-winbind is (/etc/pam.d/system-auth-winbind?), so I guess I don't use it.
> Also in general using standard authentication for samba is quite
> insecure.
What are the better ways to authenticate users than the standard way?
> It seems that the problem is caused by some kind of
> authentication loop.
How can I find this loop?
______________________________________
Volkov Peter, <pvolkov@...>
Moscow State University, Phys. Dep.
______________________________________
Linux 2.4.25 i686
Mobile Intel(R) Celeron(R) CPU 1.60GHz
--
gentoo-security@g.o mailing list
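
Added example, not part of the original message or of any Gentoo or Samba tooling: one thing that can be checked from the files quoted above is which modules a service really ends up calling once its `pam_stack.so service=` references are followed, whether those references form a cycle, and whether `pam_winbind.so` is reachable. The function names and the inline sample (the quoted files trimmed to their auth lines) are constructed for illustration; this inspects file-level includes only and does not measure the login delay.

```python
# Constructed sample: the three files quoted in this message, trimmed to auth lines.
PAM_D = {
    "sshd": "#%PAM-1.0\nauth required pam_stack.so service=system-auth\n"
            "auth required pam_shells.so\n",
    "system-auth": "auth required /lib/security/pam_env.so\n"
                   "auth sufficient /lib/security/pam_unix.so likeauth nullok\n"
                   "auth required /lib/security/pam_deny.so\n",
    "system-auth-winbind": "auth required /lib/security/pam_env.so\n"
                           "auth sufficient /lib/security/pam_winbind.so\n"
                           "auth required /lib/security/pam_deny.so\n",
}

def parse(text):
    """Yield (type, control, module, args) per rule line; comments are skipped.
    Assumes simple one-word control flags, as in the files quoted above."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]

def expand(service, files, mtype="auth", path=()):
    """Return (modules, cycles): the flattened module list for `service` and
    every pam_stack include cycle met while following service= references."""
    if service in path:
        return [], [path[path.index(service):] + (service,)]
    modules, cycles = [], []
    for t, _control, mod, args in parse(files.get(service, "")):
        if t != mtype:
            continue
        target = next((a.split("=", 1)[1] for a in args if a.startswith("service=")), None)
        if mod == "pam_stack.so" and target:
            m, c = expand(target, files, mtype, path + (service,))
            modules += m
            cycles += c
        else:
            modules.append(mod)
    return modules, cycles

def uses_winbind(service, files):
    """True if pam_winbind.so appears anywhere in the expanded auth stack."""
    return "pam_winbind.so" in expand(service, files)[0]
```

To run it against a live system, build the dictionary from the files under /etc/pam.d (file name as key, file contents as value) and call `expand()` for the service name in question.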