Displaying 20 results from an estimated 800 matches similar to: "Winbind/Samba + sshd incorrect groups"
2002 Feb 15
2
Advice on: sshd[28182]: PAM pam_set_item: NULL pam handle passed
Hi,
Ive got winbind and samba working great (version 2.2.3) on our RH 7.1 box's.
But as we have about 200 users on our domain, we want to restrict ssh
access on our linux box's.
So I created a group on the NT PDC called: Winbind
In this group, Ive only put our developers and us, the sy admins.
In the /etc/ssh/sshd_config, I entered the line: AllowGroups MMEBS+Winbind.
Thus, allowing
2002 Feb 12
4
smb.conf question
While the Samba server is running, does it ever refresh the contents of the smb.conf file, or do you have to restart the server for it to see changes to the smb.conf file? Thanks in advance.
Jeff Rasnick
Software Technologies, Inc.
www.softtechks.com
-------------- next part --------------
HTML attachment scrubbed and removed
2010 Dec 23
2
Multiple AllowGroups entries in sshd_config with Puppet and Augeas
Hi,
After extensively looking into puppet + augeas for managing the
AllowGroups in sshd_config, I came to the conclusion that it won''t
work as I expected :( So I''m sharing my thoughts here.
The main objective is allowing multiple groups per-node, depending on
what the security team wants. Since I want this to be dynamic, I
created a define in a class:
class ssh::server::config
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2023 Mar 02
2
Multiple AllowGroup lines in sshd_config?
Hi!
I'm experimenting with migrating the custom sshd_config settings for our
(Debian bullseye, openssh-server 8.4) server environment into fragments
under sshd_config.d/, and am wondering about sshd's behaviour when
encountering multiple AllowGroup lines.
The manual states "For each keyword, the first obtained value will be
used.", so that gives me the impression that any
2016 Apr 11
1
SerNet - Samba 4.3 and ssh password logins
Hai,
I have
AllowGroups sshlinux, sshwindows
Add at least 1 user in the linux group and at least 1 in the sshwindows group.
Make sure the sshwindows group have a GID.
And make sure the windows user loggin in in ssh als have a UID.
AND for both, UID 1000+ ( which is in debian the default PAM setting ) .
This is base on a "MEMBER" server.
If you do :
getent windowsuser
You
2023 Jun 16
2
using spn with winbind
Hi,
with sssd i can do:
$ ssh user at domain.tld@HOST1
$ id user at domain.tld
$ ls -al /home/domain.tld/user
drwx------ 5 user at domain.tld domain users at domain.tld 103 12. Jun 14:14 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups lokale_gruppe samba_gruppe at domain.tld
When switching to winbind only
$ id user at domain.tld
is working any other command is using user\domain
$ ls -al
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2023 Jun 17
2
using spn with winbind
On 16/06/2023 19:49, Stefan Kania via samba wrote:
> Hi,
>
> with sssd i can do:
> $ ssh user at domain.tld@HOST1
> $ id user at domain.tld
> $ ls -al /home/domain.tld/user
> drwx------ 5 user at domain.tld domain users at domain.tld? 103 12. Jun 14:14 .
> $ grep AllowGroups /etc/ssh/sshd_config
> AllowGroups lokale_gruppe samba_gruppe at domain.tld
>
> When
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2005 Mar 14
6
[Bug 999] AllowGroups ,DenyGroups failed to report hostname
http://bugzilla.mindrot.org/show_bug.cgi?id=999
Summary: AllowGroups ,DenyGroups failed to report hostname
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2011 Jun 30
2
Limit SSH access for users from defined source address
Hi all,
let me describe my environment and problem.
System is RHEL 5.6 with latest stable OpenSSH.
In sshd_config is defined "AllowGroups sshusers" but I need limitation
to some of users in group to have access only from defined IP address.
As I know this can be setup in sshd_config only for AllowUsers, but
users in group are changed so I must use allowgroups instead of
allowusers.
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2009 Mar 02
31
Using Augeas type to update sshd_config's AllowGroups
Hey gang,
I seem to be having a brain disconnect on how to get the Augeas type to
manage things that have multiple values (i.e. an Augeas tree) via Puppet.
If I run this in augtool:
augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser
augtool> save
I see this in /etc/ssh/sshd_config:
AllowGroups sshuser
However, if I try this in an Augeas type:
augeas {
2018 Aug 07
2
id <username> - doesnt list all groups
Thank for your answer:
But i dont know understand why is following not working:
I want to restrict the ssh access for a special domain member:
In my "sshd_config" i added:
AllowGroups restrictaccess root
With user2 im able to login via ssh!
log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE
With user1 im not!
log: User user1 from 192.168.0.100 not allowed
2020 Sep 28
4
Debian client/workstation pam_mount
The "short" version on why multiple groups here.
For all my member servers apply the following.
This line :
> > AllowGroups servers-ssh sshgroup
There are 2, linux only Admin accounts, ( local accounts )
And, only if these are member of the "local group" sshgroup
then your allowed to login.
Only users that are allowed to login with ssh on these servers
2016 Apr 05
6
SerNet - Samba 4.3 and ssh password logins
Hi everyone,
I have a SerNet-Samba 4.3.6-10 AD which works fine.
Now I try to implement a fileserver. It is a server with a lot of
(old)-users, which have an Unix-Account. On this server are also users
who should can login from the Internet over ssh.
But now I'm running in trouble with the security of my fileserver.
When I would install samba 4.3.6 on it and activate sernet-samba-client
2016 Sep 06
3
Winbind / Samba auth problem after username change
Hi,
before we switched to SSSD we've been implementing the ssh authentication method via Domain using winbind+samba.
Version installed on our machines is (still) 2:4.1.6+dfsg-1ubuntu2.14.04.13. So far everything has been working fine, however
after we had to change a user's logon name in the domain he can't login anymore. auth.log shows still his old username followed by "from