[Samba] getting error Ignoring parameter browse directory and winbind sequence directory
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Oct 12 10:44:50 UTC 2015
On 12/10/15 08:27, VigneshDhanraj G wrote:
> Hi Rowland,
>
> Thanks for the help.
>
> Yes, Joined to the domain, ftp uses pam authentication. After
> upgrading samba i found ftp pam authentication not working
>
> /etc/pam.d/ftp contains
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_smbpass.so
> auth sufficient /lib/security/pam_winbind.so cached_login
> auth required /lib/security/pam_winbind.so krb5_auth
> account required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_smbpass.so
> account required /lib/security/pam_winbind.so
> password sufficient /lib/security/pam_smbpass.so
> password required /lib/security/pam_winbind.so
> session required /lib/security/pam_unix.so
>
> here, we want to change anything?
>
>
OK, I have installed proftpd on a Debian Jessie Samba 4.3.0 domain
member and set it up to use AD for authentication and it works for me
(note, I did not use ldap authentication, I used PAM)
My PAM setup is this:
/etc/pam.d/proftpd
auth required pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
@include common-auth
@include common-account
@include common-session
/etc/pam.d/common-auth
auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok_secure
try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
/etc/pam.d/common-account
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
account requisite pam_deny.so
account required pam_permit.so
account required pam_krb5.so minimum_uid=1000
/etc/pam.d/common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=1000
session required pam_unix.so
session optional pam_winbind.so
session optional pam_ck_connector.so nox11
My /etc/proftpd/proftpd.conf # most of the commented lines removed
# Includes DSO modules
Include /etc/proftpd/modules.conf
UseIPv6 off
IdentLookups off
ServerName "My Server Name"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
DefaultRoot ~
Port 21
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
AuthOrder mod_auth_pam.c* mod_auth_unix.c
AuthPAMConfig proftpd
AuthPAM On
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
Include /etc/proftpd/conf.d/
Rowland
More information about the samba
mailing list