search for: userxyz

I have winbindd running. I run wbinfo -a userXYZ%pass and it succeeds Now I want to know if userXYZ is in group "monkeys", but I dont want to have to have to map anything. Is this possible? Is there a way to just say "give me the windows group names that userXYZ is in?" or "is userXYZ in windows group name 'monkeys...

...too. You do either (username and) password-based authentication, or you use an existing kerberos cache for that. This was formerly acquired interactively via username/password, and that way you have something like a single sign-on. This is what works so far: 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux member server -> the kerberos cache file is created in /tmp ("krb5cc_12345_afcdeb") 2. while the user is logged in (and the cache exists), use this command to mount his home share (as root): # mount.cifs //server/home/userxyz /home/userxyz -o sec=...

hi, my scenario is this: i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. on host1: #!/usr/bin/perl -w ... $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` ... but i get "Host Key Verification failed" on my apache's error_log. i can do it...

...ication, or you use an >> existing kerberos cache for that. This was formerly acquired interactively >> via username/password, and that way you have something like a single >> sign-on. >> >> This is what works so far: >> >> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux >> member server -> the kerberos cache file is created in /tmp >> ("krb5cc_12345_afcdeb") >> 2. while the user is logged in (and the cache exists), use this command to >> mount his home share (as root): >> # mount.cifs //...

...This was formerly acquired >>>> interactively >>>> via username/password, and that way you have something like a single >>>> sign-on. >>>> >>>> This is what works so far: >>>> >>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux >>>> member server -> the kerberos cache file is created in /tmp >>>> ("krb5cc_12345_afcdeb") >>>> 2. while the user is logged in (and the cache exists), use this command >>>> to >>>> mount h...

...and) password-based authentication, or you use an > existing kerberos cache for that. This was formerly acquired interactively > via username/password, and that way you have something like a single > sign-on. > > This is what works so far: > > 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux > member server -> the kerberos cache file is created in /tmp > ("krb5cc_12345_afcdeb") > 2. while the user is logged in (and the cache exists), use this command to > mount his home share (as root): > # mount.cifs //server/home/userxyz...

...UID),uid=%(USERUID),gid=someLiteralGroupID,nosuid,nodev" /> But this wouldn't work initially, I got the # mount error(126): Required key not available However, once the respective user had logged in, I could use these parameters for a manual mount as root: # mount.cifs //server/home/userxyz /home/userxyz -o sec=krb5,cruid=uid_of_userxyz,uid=uid_of_userxyz,gid=someGroupID In another attempt, I could also hard code the "cruid=12345" for pam_mount, and then log into the same machine twice. The second time the home share was mounted correctly So I figured, that PAM should d...

...ing kerberos cache for that. This was formerly acquired >>> interactively >>> via username/password, and that way you have something like a single >>> sign-on. >>> >>> This is what works so far: >>> >>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux >>> member server -> the kerberos cache file is created in /tmp >>> ("krb5cc_12345_afcdeb") >>> 2. while the user is logged in (and the cache exists), use this command >>> to >>> mount his home share (as ro...

...This was formerly acquired >>>> interactively >>>> via username/password, and that way you have something like a single >>>> sign-on. >>>> >>>> This is what works so far: >>>> >>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux >>>> member server -> the kerberos cache file is created in /tmp >>>> ("krb5cc_12345_afcdeb") >>>> 2. while the user is logged in (and the cache exists), use this command >>>> to >>>> mount h...

>> I mean, putting the key in the keytab looks like a security risk to me. > In what way does it appear any more of a risk than having the keys > which you have there already? Even if someone steals the keytab, > they're gonna be hard pressed to crack the key in the few hours before > the tgt expires. Do you have very sensitive data maybe? Ok. And maybe I misunderstood

...t;>>> interactively > >>>> via username/password, and that way you have something like a single > >>>> sign-on. > >>>> > >>>> This is what works so far: > >>>> > >>>> 1. log in as the domain user 'userxyz' (id=12345) via ssh to a Linux > >>>> member server -> the kerberos cache file is created in /tmp > >>>> ("krb5cc_12345_afcdeb") > >>>> 2. while the user is logged in (and the cache exists), use this > command > >>>> to...

...high BW utilization - replication issue messages: [2020/10/21 17:41:55.043563,? 0] ../../source4/rpc_server/drsuapi/getncchanges.c:2910(dcesrv_drsuapi_DsGetNCChanges) ? ../../source4/rpc_server/drsuapi/getncchanges.c:2910: DsGetNCChanges 2nd replication on DN DC= older highwatermark (last_dn CN=userXYZ,OU=Users,DC=) and this is happening only on one DC server in time - the one, to which this AD connector is connected for doing AD to AAD sync tasks. More details: CPU: mostly only one CPU core from all system-assigned cores is utilized at 100%: BW utilization: you can see example here (peak...

Hello, I have a big Problem here: samba 3.5.6, LDAP, 200+ Users. Some users can't logon to a share anymore, where they still could login last week. net rpc user info userxyz gives the groups group1 ... group8 but not the group group9 but net rpc group members group9 gives me ....... domain\userxyz ....... So, the user is a member of the group9, but his membership is not listet in net rpc user info. So it could explain while access is denied. But what's the rea...

...upID,nosuid,nodev" > /> > > But this wouldn't work initially, I got the > # mount error(126): Required key not available > > However, once the respective user had logged in, I could use these > parameters for a manual mount as root: > # mount.cifs //server/home/userxyz /home/userxyz -o > sec=krb5,cruid=uid_of_userxyz,uid=uid_of_userxyz,gid=someGroupID > > In another attempt, I could also hard code the "cruid=12345" for > pam_mount, and then log into the same machine twice. The second time > the home share was mounted correctly > &gt...

...is created with permission user1.user1, and not user1.groupfoo, therefore, other users belonging to groupfoo cannot edit or delete that file. I read smb.conf manual, but found no option to enforce that if the top directory belongs to root.groupfoo all files created under there will belong to "userxyz.groupfoo", so I set on the filesystem each of those 3 directories to be setgid, so now every file created under, say, /groupbar (belongs to root.groupbar), has this permission: userabc.groupbar. I would like that the file/directory created belongs to the user executing the operation, and to th...

I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox domains one of the domains is like aname.com.au, the user also now has aname.com, and, would like to 'mirror' most of the addresses to be user at aname.com, THOUGH, some are to remain as user2 at aname.com.au so, both user at aname.com as well as user at aname.com.au should be one user the users retrive emails as

...> [2020/10/21 17:41:55.043563,? 0] >> ../../source4/rpc_server/drsuapi/getncchanges.c:2910(dcesrv_drsuapi_DsGetNCChanges) >> >> ? ../../source4/rpc_server/drsuapi/getncchanges.c:2910: DsGetNCChanges >> 2nd replication on DN DC= older highwatermark (last_dn >> CN=userXYZ,OU=Users,DC=) >> >> >> and this is happening only on one DC server in time - the one, to >> which this AD connector is connected for doing AD to AAD sync tasks. >> >> More details: >> >> CPU: mostly only one CPU core from all system-assigned cores is...

Setup dovecot sync along the lines of (https://wiki2.dovecot.org/Replication). I am doing one way replication. The initial full replication happened without issue, but now I'm seeing these errors on the slave server: doveadm: Warning: /data/mail/foo/bar/Maildir/dovecot-uidlist: Duplicate file entry at line 26397: 1562173159.M215923P17350.mxp,S=2290,W=2339 (uid 143128 -> 143142) Warning:

...plication issue messages: > [2020/10/21 17:41:55.043563,? 0] > ../../source4/rpc_server/drsuapi/getncchanges.c:2910(dcesrv_drsuapi_DsGetNCChanges) > ? ../../source4/rpc_server/drsuapi/getncchanges.c:2910: DsGetNCChanges > 2nd replication on DN DC= older highwatermark (last_dn > CN=userXYZ,OU=Users,DC=) > > > and this is happening only on one DC server in time - the one, to > which this AD connector is connected for doing AD to AAD sync tasks. > > More details: > > CPU: mostly only one CPU core from all system-assigned cores is > utilized at 100%: > &g...

...gt;>>> ../../source4/rpc_server/drsuapi/getncchanges.c:2910(dcesrv_drsuapi_DsGetNCChanges) >>>> >>>> ? ../../source4/rpc_server/drsuapi/getncchanges.c:2910: >>>> DsGetNCChanges 2nd replication on DN DC= older highwatermark >>>> (last_dn CN=userXYZ,OU=Users,DC=) >>>> >>>> >>>> and this is happening only on one DC server in time - the one, to >>>> which this AD connector is connected for doing AD to AAD sync tasks. >>>> >>>> More details: >>>> >>>>...