Enviado em 06/09/2017 - 18:05h
Ambiente: Domínio totalmente Windows 2012r2 com algumas estações Linux ingressadas no AD usando winbind Kerberos samba e Pam.
Set 06 18:51:05 timc-patrick5 systemd[1]: Started CUPS Scheduler.
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_krb5(cups:auth): authentication failure; logname=asdasd uid=0 euid=0 tty=cups ruser= rhost=localhost
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_unix(cups:auth): check pass; user unknown
Set 06 18:55:26 timc-patrick5 cupsd[2319]: pam_unix(cups:auth): authentication failure; logname= uid=0 euid=0 tty=cups ruser= rhost=localhost
Set 06 18:55:46 timc-patrick5 cupsd[2319]: pam_krb5(cups:auth): user patrickpcs authenticated as patrickpcs@DOMAIN.INTRANET
root@timc-patrick5:/etc/pam.d# egrep -v "^#" common-*
common-account:account [success=2 new_authtok_reqd=done default=ignore] pam_winbind.so
common-account:account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
common-account:account requisite pam_deny.so
common-account:account required pam_permit.so
common-account:account required pam_krb5.so minimum_uid=1000
common-auth:
common-auth:auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
common-auth:auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
common-auth:auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
common-auth:auth requisite pam_deny.so
common-auth:auth required pam_permit.so
common-auth:auth optional pam_mount.so
common-password:
common-password:
common-password:
common-password:password [success=3 default=ignore] pam_krb5.so minimum_uid=1000
common-password:password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
common-password:password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
common-password:password requisite pam_deny.so
common-password:password required pam_permit.so
common-password:password optional pam_gnome_keyring.so
common-session:session [default=1] pam_permit.so
common-session:session requisite pam_deny.so
common-session:session required pam_permit.so
common-session:session optional pam_umask.so
common-session:session optional pam_krb5.so minimum_uid=1000
common-session:session required pam_unix.so
common-session:session required pam_mkhomedir.so umask=0077 skel=/etc/skel
common-session:session optional pam_winbind.so
common-session:session optional pam_mount.so
common-session:session optional pam_systemd.so
common-session-noninteractive:
common-session-noninteractive:session [default=1] pam_permit.so
common-session-noninteractive:session requisite pam_deny.so
common-session-noninteractive:session required pam_permit.so
common-session-noninteractive:session optional pam_umask.so
common-session-noninteractive:session optional pam_krb5.so minimum_uid=1000
common-session-noninteractive:session required pam_unix.so
common-session-noninteractive:session optional pam_winbind.so
root@timc-patrick5:/etc/pam.d# cat cups
@include common-auth
@include common-account
@include common-session
root@timc-patrick5:/etc/cups# egrep -v "^#" cups-files.conf
SystemGroup "usuários do domínio"
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log
root@timc-patrick5:/etc/samba# egrep -v "^#" smb.conf
[global]
security = ads
realm = DOMAIN.INTRANET
workgroup = DOMAIN
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U-%D
template shell = /bin/bash
client use spnego = yes
client NTLMv2 auth = yes
winbind use default domain = yes
restrict anonymous = 2
winbind refresh tickets = yes
winbind expand groups = 1
client plaintext auth = no
root@timc-patrick5:/etc# egrep -v "^#" krb5.conf
[libdefaults]
default_realm = DOMAIN.INTRANET
[realms]
DOMAIN.INTRANET = {
kdc = dc1.domain.intranet
kdc = dc2.domain.intranet
kdc = dc3.domain.intranet
kdc = dc4.domain.intranet
default_domain = DOMAIN.INTRANET
admin_server = dc1.domain.intranet
}
[domain_realm]
.domain.intranet = DOMAIN.INTRANET
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Queria saber se existe alguma forma de desistalar programa no ubuntu s... (2)
Quero saber sobre os melhores aplicativos de office para usar em 2024 ... (1)
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (16)