similar to: WinXP allows login to expired/forbidden accounts

Hi, We're using Samba 2.2.2 as a PDC for W2k and XP clients. We have two types of users - "regular" users and "management". The problem I have is to allow only the "management" users to login from certain stations, and deny the login rights to regular users. That is, I need the ability do set per-station login permissions. Is there a way to do this using samba

win2k has cache too. So how it's different? Jooel > > Hi, > I've stumbled upon this problem while trying to limit access to > specific machine to specific domain users. I did it by setting Samba to > obey PAM restrictions, and then using the pam_access PAM module > ('account' clause) to do user validation (described below). > > On Win2000,

Hi all, let me describe my environment and problem. System is RHEL 5.6 with latest stable OpenSSH. In sshd_config is defined "AllowGroups sshusers" but I need limitation to some of users in group to have access only from defined IP address. As I know this can be setup in sshd_config only for AllowUsers, but users in group are changed so I must use allowgroups instead of allowusers.

Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba. Here is my /etc/pam.d/samba file: auth required pam_winbind.so debug account required pam_access.so account sufficient pam_winbind.so debug account include system-auth session include system-auth session required pam_winbind.so debug My

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using

I do not have any ideas on this. Where should I start. [root at 192.168.1.80 security]# date && time ssh -v 192.168.1.21 date Fri May 23 11:43:53 EDT 2008 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /root/.ssh/config debug1: Applying options for 192.168.1.21 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1:

Hi folks, I want to restrict root access via ssh to certain (internal) hosts. That is what pam_access.so is for, I thought, so I configured: in /etc/security/access.conf I added (nothing in there before): + : root : 192.168.123.0/24 10.72.0.0/16 - : root : ALL in /etc/pam.d/ssh I added at the end: account required pam_access.so Then I restarted the ssh server. Basically, this kinda works.

I just realised that pam_access no longer works under CentOS6 - or it works differently from CentOS5. Under CentOS5, I used this configuration to restrict access to root only: # cat /etc/security/access.conf + : root : ALL - : ALL : ALL # cat /etc/pam.d/system-auth-ac ... account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so

On 6/11/19 3:49 AM, Martin Kletzander wrote: > This filter caches the last result of the extents() call and offers a nice > speed-up for clients that only support req_one=1 in combination with plugins > like vddk, which has no overhead for returning information for multiple extents > in one call, but that call is very time-consuming. > > Quick test showed that on a fast

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

Hi all I have system with Redhat Enterprise Server 4.0 with SAMBA 3 . i want to configure samba 3 with LDAP, to integrate LDAP with PAM , it's not working, ie i am unable to join clients to the samba server and when i type the following command it's does not show any thing getent passwd | grep Administrators My windows clients, cannot join to the SAMBA PDC, ie when i give the domain,

seems to mess up the pam for swat. [root at host67 security]# rpm -qf /etc/pam.d/samba samba-3.0.25b-1.el4_6.4 [root at host67 security]# cat /etc/pam.d/samba #auth required /lib/security/pam_stack.so service=system-auth #account required /lib/security/pam_stack.so service=system-auth auth required pam_stack.so service=system-auth account required

hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only

Hello, I'm trying to get Winbind to authenticate users that don't have local accounts on a SAMBA BDC. I have (3) BDCs (1) PDC running OpenLDAP 2.1.23 pass backend and Samba 3.0. These are on RedHat 8.0 systems. 3 BDC are also slave LDAP and 1 master directory server on the PDC. I went through the Samba documentation CH21 and made modifications to the BDCs and PDC as follows:

I read the docs and did the following: smbd, nmbd, winbind all running, also able to get domain user/group info. with "wbinfo". However still can't su, telnet to the linux box with my active directory user account on w2k. Am I missing something? In /lib ------ /lib/libnss_winbind.so /lib/libnss_winbind.so.2 /etc/nsswitch.conf ------------------ passwd: files winbind shadow:

Hi All, I've got winbind happening and can telnet into the box using my NT account (have manually made home directory) and it works a treat. When I try to ssh in I get access denied. As you can see from the log winbind is granting access but it seems that sshd is blocking access before winbind can get to it? That's a guess of course. Any ideas? Matthew

This is more of a pam question then a samba question, but I thought I'd start here and see if I can get an answer. I've gotten pam_winbind.so working with gdm (on RHAT 8) using the following /etc/pam.d/gdm file. I've put + signs to show the lines I added I added to the stock RHAT 8 gdm pam def.: #%PAM-1.0 + auth sufficient /lib/security/pam_winbind.so + auth

I've installed SAMBA, Winbind etc and everything is working great for users to login with GDM using DOMAIN+username Although this is working, now I can no longer login as a generic Linux user (ex. root). The following is my GDM file from /etc/pam.d/gdm I wonder if someone might have a suggestion as to what it's missing to allow Linux users to login? #%PAM-1.0 auth required

I'm struggling just as much as the next person on this setup. Although; I do have it working under Mandrake 9.2 with Samba3.0.pre1. Perhaps we can work together and figure out what is different between setups. smb.conf: > #======================= Global Settings ===================================== > [global] > > # 1. Server Naming Options: > workgroup = LABOR >

I am following the instruction in Samba by Example chapter 6 on a RHEL4 server. Everything seems OK until I get to 6.3.5.7, which says to do the following:- root# getent passwd | grep Adminstrator which returns nothing, indicating that the nsswitch (nss_ldap libary) is not working. I cannot find anything in any of the log files to give my a clue nor any hints on how to debug this. Any