similar to: pam_access

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using

Hi folks, I want to restrict root access via ssh to certain (internal) hosts. That is what pam_access.so is for, I thought, so I configured: in /etc/security/access.conf I added (nothing in there before): + : root : 192.168.123.0/24 10.72.0.0/16 - : root : ALL in /etc/pam.d/ssh I added at the end: account required pam_access.so Then I restarted the ssh server. Basically, this kinda works.

I just realised that pam_access no longer works under CentOS6 - or it works differently from CentOS5. Under CentOS5, I used this configuration to restrict access to root only: # cat /etc/security/access.conf + : root : ALL - : ALL : ALL # cat /etc/pam.d/system-auth-ac ... account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so

Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba. Here is my /etc/pam.d/samba file: auth required pam_winbind.so debug account required pam_access.so account sufficient pam_winbind.so debug account include system-auth session include system-auth session required pam_winbind.so debug My

Hi, I've stumbled upon this problem while trying to limit access to specific machine to specific domain users. I did it by setting Samba to obey PAM restrictions, and then using the pam_access PAM module ('account' clause) to do user validation (described below). On Win2000, this works fine - if an unauthorized user tries to login, Win2000 says 'Account not permitted to

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

the new cron in 4.2 activates the pam access module. if you have been using that to control ssh access or other things, now suddently cron is going to use it as well. this only seems to affect user crontabs and crontabs in /etc/cron.d. from some digging around i was able to determine that cron sets the tty to 'cron', so you can just add a line like: +:ALL:cron to

hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only

Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf

Hi Daniel, Just in the moment you replied my message, I was rewriting it as I hadn't noticed it hadn't a correct format. Sorry for that and thanks for answering it anyway. > ./prog <option1> | ( <option2> --arg1 --arg2) | ( <option3> --arg1 ) > Yes, that is exactly what I need. It's a pity commandLine doesn't implement that possibility. So I will do what

win2k has cache too. So how it's different? Jooel > > Hi, > I've stumbled upon this problem while trying to limit access to > specific machine to specific domain users. I did it by setting Samba to > obey PAM restrictions, and then using the pam_access PAM module > ('account' clause) to do user validation (described below). > > On Win2000,

well i discoverd, HL uses waveIn, which is a part of the DirectSound ... so ... is there a Wine binding for waveIN ? - -moritz angermann

On Fri, 1 Dec 2017 17:06:42 -0000 Roy Eastwood via samba <samba at lists.samba.org> wrote: > Hi, > I have a Debian Stretch system running a self-compiled version 4.7.3 > of Samba. Having followed the Samba WiKi to allow AD users to log > onto the servers using PAM authentication, I now want to restrict > access to specified group(s). So I created a linuxadmins group and

On Sun, 17 Apr 2016, Michael Hennebry wrote: > On Sun, 17 Apr 2016, Michael Hennebry wrote: > >> I have an HP Photosmart C3180 All-in-one. >> As I haven't had any need for color lately, >> when I last replaced ink, I only replaced the black cartridge. >> It didn't work, even when printing grayscale-only images, >> even when telling print-set-up

Hello list I've a peculiar request (not really related to a samba system problem) In the beginning of the year I asked for help to this list, and exchanged emails with many users, to solve an issue (samba vs AD2k3) . I exchanged many emails trying different commands and sending many results of these commands. Unfortunately I did not changed all assigned usernames with anonymous ones. No a

On Fri, 2017-12-01 at 18:04 +0000, Roy Eastwood via samba wrote: > > -----Original Message----- > > From: Rowland Penny [mailto:rpenny at samba.org] > > Sent: 01 December 2017 17:40 > > To: samba at lists.samba.org > > Cc: Roy Eastwood > > Subject: Re: [Samba] Restricting AD group logging on to Servers > > > > On Fri, 1 Dec 2017 17:06:42 -0000 >

> -----Original Message----- > From: Rowland Penny [mailto:rpenny at samba.org] > Sent: 01 December 2017 17:40 > To: samba at lists.samba.org > Cc: Roy Eastwood > Subject: Re: [Samba] Restricting AD group logging on to Servers > > On Fri, 1 Dec 2017 17:06:42 -0000 > Roy Eastwood via samba <samba at lists.samba.org> wrote: > > > Hi, > > I have a

Hello, I have attached a small patch that enables OpenSSH 4.7p1 to use netgroups for users and hosts entries in the AllowUsers and DenyUsers configuration options in sshd_config. This has the following advantages: * hostnames or ip addresses don't have to be maintained in sshd_config, but you can use meaningful names for groups of users and groups of hosts. * large scale installations can

Hi All, I'm about to clean and re-initialize a Maxtor 160GB disk that shows a weird problem but I think I've found a bug in RELENG_4_7 somewhere so if preserving my disk can help conquer one more bug I'm happy to wait a couple of days and help solve that bug. Here's the story: While upgrading from 4.3-STABLE to 4.7p4 and at the same time reorganizing my vinum volumes I copied

Hi Daniel, I would like to go deeper with CommandLine and I was asking if you could help me again. Look, following the same example you put in the last message: ./prog <option1> | ( <option2> --arg1 --arg2) | ( <option3> --arg1 ) What I really really want is the same except I don't want the "--" prefix is present in any of the arguments. ./prog <option1>