Displaying 14 results from an estimated 14 matches for "sshgroup".
2020 Sep 26
3
Debian client/workstation pam_mount
Okay, now so I don't get confused.
Yes, /home/WKDOM/tuser16 does exist on the client/workstation.
root at lws4:~# getent group
> root:x:0:
> *..snipped for brevity..*
>
winbindd_priv:x:129:
> sshgroup:x:998:adminlinux
> postfix:x:130:
>
..snipped for brevity..
>
There is no servers-ssh group on the C/W. (I have a server-ssh group
somewhere per Louis' instructions, just not on a C/W.) Should there be a
servers-ssh group on a C/W?
And notice that tuser16 is not a member of "ssh...
2020 Sep 28
4
Debian client/workstation pam_mount
The "short" version on why multiple groups here.
For all my member servers apply the following.
This line :
> > AllowGroups servers-ssh sshgroup
There are 2, linux only Admin accounts, ( local accounts )
And, only if these are member of the "local group" sshgroup
then your allowed to login.
Only users that are allowed to login with ssh on these servers
and are member of the "servers-ssh" group.
Both user...
2020 Sep 27
1
Debian client/workstation pam_mount
The sshgroup exists on the client/workstation:
> root at lws4:~# cat /etc/groups
>
.....................
>
sshgroup:x:998:adminlinux
>
.....................
>
But, on my member server that acts as a fileserver for domain users
(redirected) files there is no "sshgroup" at this time....
2020 Sep 29
0
Debian client/workstation pam_mount
...o:wdn2420systm at gmail.com]
Verzonden: maandag 28 september 2020 23:37
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Debian client/workstation pam_mount
Louis,
You said:
For all my member servers apply the following.?
This line :
> > AllowGroups servers-ssh sshgroup?
?
"apply the following" where????
There are 2, linux only Admin accounts, ( local accounts )
? ?And, only if these are member of the "local group" sshgroup
? ?then your allowed to login.
Not sure I understand here. I have a linux admin user named "adminlinux"...
2020 Sep 26
2
Debian client/workstation pam_mount
Yes, sorry, forgot to include in the last email.
> root at lws4:~# getent passwd tuser16
> tuser16:*:10016:10000:User 16. Test:/home/WKDOM/tuser16:/bin/sh
>
On Sat, Sep 26, 2020 at 9:02 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 26/09/2020 14:52, Robert Wooden wrote:
> > First, my use of IP addresses is a force of habit. User at shorthostname
>
2017 Sep 27
2
Users and groups on member server without ssh
Hello,
I've a member server that is working fine as shared folder server (all
shares works and it permissions). My problem is that when I add the
nsswitch winbind entries then the server uses the DC to authenticate even
when I use ssh, so if Samba DC server fails I have problems to login into
the member server.
My nsswitch:
passwd: compat winbind
group: compat winbind
2018 Oct 11
0
Domain Administrator and shares problems
...> not want *any* Samba users logging on with ssh, the template
> homedir =
> /dev/null, and template shell = /bin/nologin.
The other option is, setup a group in windows give it a GID and put the group in ssh.
For example i use it 3 ways, like this:
AllowGroups sftp-customer servers-ssh sshgroup
I use MySecureShell for my SFTP users, and these must exist in the sftp-customers group. ( a windows group with GID )
The servers-ssh is use to allow logins.
The sshgroup is the backup group with only linux members in them, admins only.
Working like that you can control everything from within th...
2018 Oct 10
6
Domain Administrator and shares problems
I suggest to the op check my settings and try it.
Should work.
Not showing the security tab is often an wrong right in the underlaying folder.
So in case of this one, i would check this first.
ls -al /data/
ls -al /data/samba
ls -al /data/samba/profiles
chmod 775 /data/ ! In case of a chmod 770 or 750 make sure you have a group set that is known in windows.
Same for /data/samba
chmod
2020 Sep 11
1
entering password twice
I might be asking this question the incorrect group but, here goes.
I have successfully added a Debian 10 member (workstation) and made the
/etc/pam.d files adjustments per the Debianwiki page
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory and Debian
is allowing me to login with AD users and passwords except for one thing. I
have to enter the password twice to login.
Here are the
2010 Dec 27
3
Dovecot - AllowGroups option
Hi,
I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Services like proftpd have:
"AllowGroup ftpgroup"
sshd have
"AllowGroups sshgroup"
And samba have
"valid users = @smbgroup"
But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf)
Do anyone have the magic option or a workaround thats doesn't envolve maintaining seperate user databases and password? (I know its needed for samba but b...
2018 Jun 13
0
NSS and group enumeration in CUPS...
...dmin, do note you must have a uid/gid to make this work.
( dont forget to logout and login again )
Check it on linux with : id username
That show the user and groups with GIDS also. Like this.
uid=10002(someuser) gid=10000(domain users) groups=10000(domain users),4(adm),27(sudo),116(lpadmin),1951(sshgroup),10005(remote-webmail),10004(servers-ssh),10008(servers-www),2001(BUILTIN\users)
Running :
kinit Administrator
net rpc rights list privileges SePrintOperatorPrivilege -S $(hostname -f) -k
Shows me :
SePrintOperatorPrivilege:
BUILTIN\Print Operators
NTDOM\Domain Admins
BUILTIN\Administr...
2020 Sep 26
2
Debian client/workstation pam_mount
...gt; #KerberosGetAFSToken no
>
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
> GSSAPIStrictAcceptorCheck yes
> GSSAPIKeyExchange yes
> GSSAPIStoreCredentialsOnRekey yes
>
> # Allow groups ( samba/windows groepen )
> AllowGroups servers-ssh sshgroup
>
>
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication. Depending on your PAM config...
2020 Sep 26
2
Debian client/workstation pam_mount
Maybe I am not testing the signin correctly. Here is what I am doing. I
sign into the client/workstation (hereafter referred to as C/W) via ssh as
the local "admin" from another C/W so I can open many terminals to tail log
files. Then "sudo -i" into "root". All testing is run as "root". When I
sign into "root", I see this:
> admin at lws4:~$
2018 Jun 13
3
NSS and group enumeration in CUPS...
I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the
statement (/etc/cups/cups-files.conf):
SystemGroup printops
and add to 'printops' group some users that can manage cups.
Now i'm in AD mode. I'm in 'printops' group:
root at vdmpp1:~# id gaio
uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain