Enviado em 06/09/2017 - 18:05h
Ambiente: Domínio totalmente Windows 2012r2 com algumas estações Linux ingressadas no AD usando winbind Kerberos samba e Pam.
Set 06 18:51:05 timc-patrick5 systemd[1]: Started CUPS Scheduler.
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_krb5(cups:auth): authentication failure; logname=asdasd uid=0 euid=0 tty=cups ruser= rhost=localhost
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_unix(cups:auth): check pass; user unknown
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_unix(cups:auth): authentication failure; logname= uid=0 euid=0 tty=cups ruser= rhost=localhost
Set 06 18:55:46 timc-patrick5 cupsd[2319]: pam_krb5(cups:auth): user patrickpcs authenticated as patrickpcs@DOMAIN.INTRANET
root@timc-patrick5:/etc/pam.d# egrep -v "^#" common-*
common-account:account [success=2 new_authtok_reqd=done default=ignore] pam_winbind.so
common-account:account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
common-account:account requisite pam_deny.so
common-account:account required pam_permit.so
common-account:account required pam_krb5.so minimum_uid=1000
common-auth:
common-auth:auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
common-auth:auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
common-auth:auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
common-auth:auth requisite pam_deny.so
common-auth:auth required pam_permit.so
common-auth:auth optional pam_mount.so
common-password:
common-password:
common-password:
common-password:password [success=3 default=ignore] pam_krb5.so minimum_uid=1000
common-password:password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
common-password:password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
common-password:password requisite pam_deny.so
common-password:password required pam_permit.so
common-password:password optional pam_gnome_keyring.so
common-session:session [default=1] pam_permit.so
common-session:session requisite pam_deny.so
common-session:session required pam_permit.so
common-session:session optional pam_umask.so
common-session:session optional pam_krb5.so minimum_uid=1000
common-session:session required pam_unix.so
common-session:session required pam_mkhomedir.so umask=0077 skel=/etc/skel
common-session:session optional pam_winbind.so
common-session:session optional pam_mount.so
common-session:session optional pam_systemd.so
common-session-noninteractive:
common-session-noninteractive:session [default=1] pam_permit.so
common-session-noninteractive:session requisite pam_deny.so
common-session-noninteractive:session required pam_permit.so
common-session-noninteractive:session optional pam_umask.so
common-session-noninteractive:session optional pam_krb5.so minimum_uid=1000
common-session-noninteractive:session required pam_unix.so
common-session-noninteractive:session optional pam_winbind.so
root@timc-patrick5:/etc/pam.d# cat cups
@include common-auth
@include common-account
@include common-session
root@timc-patrick5:/etc/cups# egrep -v "^#" cups-files.conf
SystemGroup "usuários do domínio"
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log
root@timc-patrick5:/etc/samba# egrep -v "^#" smb.conf
[global]
security = ads
realm = DOMAIN.INTRANET
workgroup = DOMAIN
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U-%D
template shell = /bin/bash
client use spnego = yes
client NTLMv2 auth = yes
winbind use default domain = yes
restrict anonymous = 2
winbind refresh tickets = yes
winbind expand groups = 1
client plaintext auth = no
root@timc-patrick5:/etc# egrep -v "^#" krb5.conf
[libdefaults]
default_realm = DOMAIN.INTRANET
[realms]
DOMAIN.INTRANET = {
kdc = dc1.domain.intranet
kdc = dc2.domain.intranet
kdc = dc3.domain.intranet
kdc = dc4.domain.intranet
default_domain = DOMAIN.INTRANET
admin_server = dc1.domain.intranet
}
[domain_realm]
.domain.intranet = DOMAIN.INTRANET
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (16)
Arch Linux - Guia para Iniciantes (2)
Problemas ao instalar o PHP (11)
Tenho dois Link's ( IP VÁLIDOS ), estou tentando fazer o failover... (0)