search for: getpw

...groups=50005(DOMAIN\Domain Users) Accessing as DOMAIN\adsuser1 connects as uid=50000,gid=50005. This is expected; we want winbind to fake a UID/GID. Accessing as DOMAIN\user1 connects as uid=50001,gid=50005. This is NOT expected. As far as I can tell, it's because samba first tries getpwnam("DOMAIN\user1") which isn't found by NIS but winbind(8) fakes up an entry. b) nsswitch.conf passwd: files nis group: files nis smb.conf winbind trusted domains only = no nsswitch test results: % id user1 uid=10001(user1) gid=20000(group0) groups=20000(group0)...

...nbind from /etc/nsswitch.conf works, which means there isn't some magic piece of code that communicates with winbind directly. If so - how come I get assigned my winbind UID and not my /etc/passwd UID? What exactly am I missing? I was under the impression that all Samba does with lookups is a getpw* and doesn't muck about. Running getent passwd put my NIS UID _before_ the winbind UID. Shouldn't that mean that I would be assigned my normal UID before it turns to the autogenerated one? Thanks! Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- "Father, why are all the chi...

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

...ning on FreeBSD 4.9..... Tried with the default config file and my own one (below) but when trying to login I get the following: Feb 10 17:59:53 cobain dovecot-auth: passwd(jamie): invalid password field '*' It seems like it is trying to read straight from /etc/passwd? I thought it called getpw(). Is this a common error and could anyone shed some light on how to fix it? Thanks :) Jamie -- dovecot.conf ## Dovecot 1.0 configuration file base_dir = /var/dovecot/ protocols = imap imap_listen = 192.168.120.7 login_dir = /var/dovecot/login login_chroot = yes ssl_disable = yes ## IMAP lo...

Hello, When I open a text file on a Samba fileserver using LDAP for authentication, Samba always makes these LDAP calls (see below). The user has been authenticated so why does Samba still makes these LDAP connections? Any ideas? /var/log/ldap.log when opening a text file. ldap-hh slapd[22940]: conn=3922 op=19 SRCH base="o=kuleuven,c=be" scope=2 filter="(uid=m2000944)"

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these

Hi, I use rsync to back up my Linux system to hard drive. I use the -av option, and it preserves uids. However if I reinstall Linux, and try to restore from the backup hard drive, the owner permissions get all mixed up, I assume since the numeric uids don't match up with the equivalent usernames any more. For example, user nobody might have had uid 123 in my old system, but now in the new

Release Announcements --------------------- This is the latest stable release of the Samba 4.11 release series. Changes since 4.11.9 -------------------- o Jeremy Allison <jra at samba.org> * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name. o Ralph Boehme <slow at samba.org> * BUG 14350:

Release Announcements --------------------- This is the latest stable release of the Samba 4.11 release series. Changes since 4.11.9 -------------------- o Jeremy Allison <jra at samba.org> * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name. o Ralph Boehme <slow at samba.org> * BUG 14350:

Hi, does anyone know if aide should have access to this socket? SELinux is preventing /usr/sbin/aide from write access on the sock_file /var/run/winbindd/pipe. Thanks Patrick (on CentOS6 if that matters)

...documentation that sshrc commands are run by sh, and not the user shell. There are still some other things that could use more detail. For example, sshd never uses the SHELL environment variable, but ssh-agent does. I think it should be stated that commands are always run under the shell defined by getpw(), including commands for ssh_config keys with the "command=" option. This came up when trying to set up an ssh key to allow remote execution of a pre-defined task using the "command=" feature. I also wanted to disable logins for that account, so it could only be used to invoke...

Hi all, I'm writing to you becuase I have compiled PAM in SCO (now Caldera) Openserver 5.0.x, and when I tried to use SSH with PAM enabled, y realized that OpenSSH depends on the user to exist en the /etc/passwd, and /etc/shadow databases, or equivalent ones (it uses getpw...() functions to determine validity of the user). In Linux, the simlpe solution is to use nsswitch, but it seems to hard (and not strictly necesary) to make a port of it for Openserver too. I'm administering security in a network with more than 20 server, and I'm triyng to implement LDAP...

Hi all, I have a strange problem with winbind. Samba says that "REALM<winbind seperator>username" is not a valid user (winbind getpw() call), but winbind works! The strange thing is when I call "wbinfo -u", the result is a AD-Userlist like this: username1 username2 . . . So far so good, but why not: REALM<winbind seperator>username The same problem occurs when I call getent! I have "played" with th...

...4,10 @@ return get_dyn_SHLIBEXT(); } +#ifndef NSS_BUFLEN_PASSWD +#define NSS_BUFLEN_PASSWD 2048 +#endif + static char *get_user_home_dir(TALLOC_CTX *mem_ctx) { struct passwd pwd = {0}; One might wanna change the code to use a dynamically allocated ?buf? and have a loop around getpwnam_r() that checks for ERANGE and retry with a bigger ?buf? though. (Same basically goes for all the get{pw,gr}xx_r() functions - not 100% important for getpw unless you have extremely long path?s or silly long full names but the getgrxx() calls might need it for groups with huge membership lists?)...

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From fcusack at fcusack.com 2002-04-16 23:27 ------- sshd should definitely not be using 'NOUSER'. The correct thing is to use the username, regardless of whether (pw) exists. I can't understand why you would substitute the value 'NOUSER'. ------- You are receiving this mail because: -------

I have a problem with winbind and pam that I just can't quite get past. Here is what I have: I have a home office with a Windows 2000 active directory domain (domain XYZ). I have a remote office running Samba 3.0.14a connected to the home office via a VPN. All users at the remote office are required to have an account on the active directory domain at the home office for several reasons,

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

https://bugzilla.mindrot.org/show_bug.cgi?id=2280 Bug ID: 2280 Summary: openssh-6.6p1 compression throwing Segmentation fault Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:

...derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user testme service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: Trying to reverse ma...

Well I installed a21 and I was able to add a machine account. The first time it comes back bad password, then the second attempt it works. But now when i restart and try to login it says it cant find the computer account. Am I missing something(yes i have signorseal)? Here is the log from the login attempt: 2002/11/27 16:20:00, 6] param/loadparm.c:lp_file_list_changed(2310)