search for: linuxadmins

...gt; Hi, > > I have a Debian Stretch system running a self-compiled version 4.7.3 > > of Samba. Having followed the Samba WiKi to allow AD users to log > > onto the servers using PAM authentication, I now want to restrict > > access to specified group(s). So I created a linuxadmins group and > > made some test users members of the group. > > > > Initially I tried to restrict access by > > modifying /etc/security/access.conf and adding a file > > to /usr/share/pam-configs containing Auth: required pam_access.so. > > This works OK for normal...

Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf and adding a file to /usr/share/pam-configs containing Auth: required pam_access.so. This works OK for normal users, including AD users, but I cannot get it to work fo...

Wed, 15 Jul 2020 16:18:32 +0100 Rowland penny via samba <samba at lists.samba.org>: > On 15/07/2020 16:10, RhineDevil wrote: > > Wed, 15 Jul 2020 16:07:06 +0100 Rowland penny via samba <samba at lists.samba.org>: > >> On 15/07/2020 15:44, RhineDevil wrote: > >>> Wed, 15 Jul 2020 15:23:41 +0100 Rowland penny via samba <samba at lists.samba.org>: >

...t; I have a Debian Stretch system running a self-compiled version 4.7.3 > > > of Samba. Having followed the Samba WiKi to allow AD users to log > > > onto the servers using PAM authentication, I now want to restrict > > > access to specified group(s). So I created a linuxadmins group and > > > made some test users members of the group. > > > > > > Initially I tried to restrict access by > > > modifying /etc/security/access.conf and adding a file > > > to /usr/share/pam-configs containing Auth: required pam_access.so. > >...

I noticed this today, I had a user outside of our department test out dovecot. They were using squirrelmail and I noticed that dovecot thinks this user is subscribed to ALL public folders even though a dovecot ACL prevents all access. I'm pretty sure access is still denied. I was able to reproduce this with a guest account I added: l lsub "" "#shared/decs/%" * LSUB

...ba.org> wrote: > Hi, > I have a Debian Stretch system running a self-compiled version 4.7.3 > of Samba. Having followed the Samba WiKi to allow AD users to log > onto the servers using PAM authentication, I now want to restrict > access to specified group(s). So I created a linuxadmins group and > made some test users members of the group. > > Initially I tried to restrict access by > modifying /etc/security/access.conf and adding a file > to /usr/share/pam-configs containing Auth: required pam_access.so. > This works OK for normal users, including AD users, bu...

...;require_membership_of' line to the winbind auth line in > > > PAM. > > > Rowland > > Thanks Rowland, that did the trick and is the simplest solution. > > > > Found that only one \ was required to separate the domain part from the group name part - ie DOMAIN\linuxadmins rather than > > DOMAIN\\linuxadmins. (the man page for pam_winbind.conf suggests two \\ are needed) > > Just one thing on that. Remember that this is not checked by SSH for > authorized_keys based logins, it is run on the password checking path > only. As long as they can'...

Hello, I've a member server that is working fine as shared folder server (all shares works and it permissions). My problem is that when I add the nsswitch winbind entries then the server uses the DC to authenticate even when I use ssh, so if Samba DC server fails I have problems to login into the member server. My nsswitch: passwd: compat winbind group: compat winbind

...nd auth > > > > line in PAM. > > > > > Rowland > > > Thanks Rowland, that did the trick and is the simplest solution. > > > > > > Found that only one \ was required to separate the domain part > > > from the group name part - ie DOMAIN\linuxadmins rather than > > > DOMAIN\\linuxadmins. (the man page for pam_winbind.conf > > > suggests two \\ are needed) > > > > Just one thing on that. Remember that this is not checked by SSH > > for authorized_keys based logins, it is run on the password > > chec...

Hi guys, i use xen3.2. how can i manually create the xenbr0 ? which parameters have i to choose for brctl ? thanks, -- Viele Grüße Dominique Holger Schramm | Linux Administrator http://schwarz-weiss.cc/ | Life between PuTTy and reality http://ihr-linuxadmin.eu/ | Commercial Admin Service _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Several different PAM modules relating to Samba exist. The ones I could find were as follows: pam_smb http://www.csn.ul.ie/~airlied/pam_smb/ Authenticates against an NT domain controller, without joining the domain. (Doesn't work with Active Directory.) pam_ntdom http://www.cb1.com/~lkcl/pam-ntdom/ Based on the above, authenticates against an NT domain. Requires the client to be added to

Hi. I''m a beginner, but I have a basic puppet setup working. I am doing a manual tarball installation and it seems to be hanging then eventually timing out on just downloading the file: file { "/opt/hadoop-0.20.0.tar.gz": source => "puppet:///hadoop020/hadoop-0.20.0.tar.gz" } I have another module that does the same things and works, my only guess

I am trying to log to a file instead of syslog, but when I set "puppetdlog = /var/log/puppetd.log", it still logs to syslog. If also set "syslogfacility =", it doesn''t log anywhere. Does this work for anyone else? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to

Hi, I found the zypper provider mentioned on this list in another thread, but it failes with the flowing error : Package[kvm]/ensure: change from 0.11.0-4.5.2 to true failed: Could not update: undefined method `zypper'' for #<Puppet::Type::Package::ProviderZypper:0x7fd1acf9e360> at Is the latest provider broken? Is there interest in making this work / making it complete. I

...dc password replication group DEMLAND\read-only domain controllers DEMLAND\enterprise read-only domain controllers DEMLAND\dnsadmins DEMLAND\dnsupdateproxy DEMLAND\sqlservermssqlserveradhelperuser$server2008 DEMLAND\sqlserver2005sqlbrowseruser$server2008 DEMLAND\copsshuser DEMLAND\vpn users DEMLAND\linuxadmins Yet I cannot access the shared folder on my Linux system. The smbclinet does: root at ubuntu-server:/home/daved/AddToDCScripts# smbclient /192.168.42.163/home/public -U daved Enter daved's password: Connection to 92.168.42.163 failed (Error NT_STATUS_IO_TIMEOUT) When I try to access the shar...

So, I''ve been doing something like this for applications that have a client and server component... node base_node { include syslog_ng::client }} node app_node inherits base_node { } node syslog_server inherits base_node { include syslog_ng::server } ... because I want the client portion, syslog-ng in this case to be installed on everything. However, the server node also has a

I think MJ is using samba with AD backend and Rowland RID. Rowland, try AD backend if your using rid atm. Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba > Verzonden: woensdag 11 oktober 2017 13:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Using GPO to mount shares on Linux > > >

No, we haven't been hacked. ;) We have a prospective client who is asking us what our policy is in the event of unauthorized access. Obviously you fix the system(s) that have been compromised, but what steps do you take to mitigate the effects of a breach? What is industry best practice? So far, searches haven't produced anything that looks consistent, except maybe identity monitoring

Hi, Taking this to a new thread. Thoughts on getting a new list started up ? Should it be centos-sysadmin or centos-infra ? Are we going to then restrict it to admin/infra related chatter ? in which case, does the eyeball density on this list reduce for that sort of content ? How about the politics and news stuff that gets posted to this list. And how would those things be addressed with

Wohoo, finaly i could help Rowland :-p ;-) I follow this as guidance: 1 server ( all in one ) use RID, easy to setup etc, but .. If you go to ... Or have plans to.. 2 servers ( DC + a member ) use backend RID if you dont need access with a windows account to a shared home folder. ( cifs or nfs ) you use a dedicated local "linuxAdmin" for maintanace. ( often the first created