search for: sshgroup

Okay, now so I don't get confused. Yes, /home/WKDOM/tuser16 does exist on the client/workstation. root at lws4:~# getent group > root:x:0: > *..snipped for brevity..* > winbindd_priv:x:129: > sshgroup:x:998:adminlinux > postfix:x:130: > ..snipped for brevity.. > There is no servers-ssh group on the C/W. (I have a server-ssh group somewhere per Louis' instructions, just not on a C/W.) Should there be a servers-ssh group on a C/W? And notice that tuser16 is not a member of "ssh...

The "short" version on why multiple groups here. For all my member servers apply the following. This line : > > AllowGroups servers-ssh sshgroup There are 2, linux only Admin accounts, ( local accounts ) And, only if these are member of the "local group" sshgroup then your allowed to login. Only users that are allowed to login with ssh on these servers and are member of the "servers-ssh" group. Both user...

The sshgroup exists on the client/workstation: > root at lws4:~# cat /etc/groups > ..................... > sshgroup:x:998:adminlinux > ..................... > But, on my member server that acts as a fileserver for domain users (redirected) files there is no "sshgroup" at this time....

...o:wdn2420systm at gmail.com] Verzonden: maandag 28 september 2020 23:37 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Debian client/workstation pam_mount Louis, You said: For all my member servers apply the following.? This line : > > AllowGroups servers-ssh sshgroup? ? "apply the following" where???? There are 2, linux only Admin accounts, ( local accounts ) ? ?And, only if these are member of the "local group" sshgroup ? ?then your allowed to login. Not sure I understand here. I have a linux admin user named "adminlinux"...

Yes, sorry, forgot to include in the last email. > root at lws4:~# getent passwd tuser16 > tuser16:*:10016:10000:User 16. Test:/home/WKDOM/tuser16:/bin/sh > On Sat, Sep 26, 2020 at 9:02 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 26/09/2020 14:52, Robert Wooden wrote: > > First, my use of IP addresses is a force of habit. User at shorthostname >

Hello, I've a member server that is working fine as shared folder server (all shares works and it permissions). My problem is that when I add the nsswitch winbind entries then the server uses the DC to authenticate even when I use ssh, so if Samba DC server fails I have problems to login into the member server. My nsswitch: passwd: compat winbind group: compat winbind

...> not want *any* Samba users logging on with ssh, the template > homedir = > /dev/null, and template shell = /bin/nologin. The other option is, setup a group in windows give it a GID and put the group in ssh. For example i use it 3 ways, like this: AllowGroups sftp-customer servers-ssh sshgroup I use MySecureShell for my SFTP users, and these must exist in the sftp-customers group. ( a windows group with GID ) The servers-ssh is use to allow logins. The sshgroup is the backup group with only linux members in them, admins only. Working like that you can control everything from within th...

I suggest to the op check my settings and try it. Should work. Not showing the security tab is often an wrong right in the underlaying folder. So in case of this one, i would check this first. ls -al /data/ ls -al /data/samba ls -al /data/samba/profiles chmod 775 /data/ ! In case of a chmod 770 or 750 make sure you have a group set that is known in windows. Same for /data/samba chmod

I might be asking this question the incorrect group but, here goes. I have successfully added a Debian 10 member (workstation) and made the /etc/pam.d files adjustments per the Debianwiki page https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory and Debian is allowing me to login with AD users and passwords except for one thing. I have to enter the password twice to login. Here are the

Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf) Do anyone have the magic option or a workaround thats doesn't envolve maintaining seperate user databases and password? (I know its needed for samba but b...

...dmin, do note you must have a uid/gid to make this work. ( dont forget to logout and login again ) Check it on linux with : id username That show the user and groups with GIDS also. Like this. uid=10002(someuser) gid=10000(domain users) groups=10000(domain users),4(adm),27(sudo),116(lpadmin),1951(sshgroup),10005(remote-webmail),10004(servers-ssh),10008(servers-www),2001(BUILTIN\users) Running : kinit Administrator net rpc rights list privileges SePrintOperatorPrivilege -S $(hostname -f) -k Shows me : SePrintOperatorPrivilege: BUILTIN\Print Operators NTDOM\Domain Admins BUILTIN\Administr...

...gt; #KerberosGetAFSToken no > > # GSSAPI options > GSSAPIAuthentication yes > GSSAPICleanupCredentials yes > GSSAPIStrictAcceptorCheck yes > GSSAPIKeyExchange yes > GSSAPIStoreCredentialsOnRekey yes > > # Allow groups ( samba/windows groepen ) > AllowGroups servers-ssh sshgroup > > > > # Set this to 'yes' to enable PAM authentication, account processing, > # and session processing. If this is enabled, PAM authentication will > # be allowed through the ChallengeResponseAuthentication and > # PasswordAuthentication. Depending on your PAM config...

Maybe I am not testing the signin correctly. Here is what I am doing. I sign into the client/workstation (hereafter referred to as C/W) via ssh as the local "admin" from another C/W so I can open many terminals to tail log files. Then "sudo -i" into "root". All testing is run as "root". When I sign into "root", I see this: > admin at lws4:~$

I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the statement (/etc/cups/cups-files.conf): SystemGroup printops and add to 'printops' group some users that can manage cups. Now i'm in AD mode. I'm in 'printops' group: root at vdmpp1:~# id gaio uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain