similar to: Auditing user/group management

Hi, I'd like to know if any of you have ever implemented Samba 3 with OpenLDAP multimaster (using syncrepl, maybe) or Fedora-DS. The basic idea would be: - WAN link dies, the remote office's BDC would promote itself to PDC (using some kind of monitoring script), and will start accepting changes to the user base. Also, some change to the local WINS server would be necessary. - WAN link

I am running vsftp pretty much 'out of the box', though I turned off IPv4 and have it listening on IPv6. I have stopped ip6tables, as the simple rule to enable port 21 is not allowing gftp to connect (pasv mode, I think). gftp to the IPv6 address, it connects and gets a directory listing. I am running gftp from my normal login userid, connecting to my normal login userid on the

Hiya, I'm trying to set up a Samba PDC with an LDAP backend. I experienced problems joining machines to domains, the machine account was created, but Windows said user name cannot be found. I resolved this by adding ldap to /etc/nsswitch.conf, but this has the side effect of allowing ldap users to login to the server via SSH. Whilst I can understand the need for LDAP users to be accessible

Hi all, Has anyone been able to get local groups support with a Samba Server through winbindd? Specifically, i am able to store several SIDs in sambaSIDList, but i can't get winbind working to retrieve (or expand) its members. Is Winbindd supposed to work _only_ with NT servers? -- Carlos Eduardo Pedroza Santiviago Analista de Suporte <carlos@prognus.com.br> Prognus Solu??es Livres

Hi, I have a domain using LDAP backend, and recently we've managed to establish a trust relation with another domain in our network, which uses a pure NT4 server. After that, some accounts from the trusted domain started being created in our base. The user created doesn't have the same attributes as a valid user (he doesn't have sambaSamAccount, for example). But for auditing

Hi, just wondering if there was a way to boot while ignoring sysctl.conf... A colleague messed up one parameter, that ended up crashing the server at boot time. Booting in single was not helping. Fixed it by booting on a live CD and modifying the sysctl file but, it would be convenient to know if there was a kernel parameter to add to the grub entry or something to bypass it... But I see it is

Hi, Recently, i worked in a pilot project to migrate a NT4 Domain to Samba3 + OpenLDAP. They have a quite large user base, approx. 2500 accounts, plus approx. 1800 groups, which 200 are local groups. Unfortunately, we faced some problems, and i'd like to know if anyone has faced them too, and how overcame them: - User Rights and Privileges: This is kinda new in latest Samba release, 3.0.11,

Hello AIX folks, I am changing the packaging of Samba for AIX. Presently Samba is built with a truckload of static libs and bound up in a package that has no other support for the supporting infrastructure. What I'd like to do instead is make as much of the package dependant upon shared libs and to allow for completeness of the package. In other words, BDB, OpenSSL, OpenLDAP, SASL, KRB5,

Hi, Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services? Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. gmail also has this. Does anyone know of a "universal" plugin /

Hi all! I've a running Samba PDC (LDAP backend) with windows clients. All the users are in the LDAP, including the 'guest' user. All except the 'root' user which is a regular user. Then change in the smb.conf ldapsam:trusted = yes ldapsam:editposix = yes and noticed some speed-up when listing groups, look file ownerships, and so on. But I can't add machines to the

I've been working at this for a few days now and I can't figure out what is broken. Google turns up similar issues from years back, but I hope this is a bug resurfacing. ACL entries are being deleted when files are saved. Here is an example: username: user1 group membership: Domain Users directory: /share/test file: test.xls getfacl /share # file: share # owner: DOMAIN+backupuser #

Hi, I'm using BRST timezone (Brazilian East), and AFAIK[1], sambaLogonHours stores it in GMT timezone. IIRC, the NT PDC is comparing with its local time. For example, if the user is allowed to log between 6am to 6pm, it will work with BRST timezone, even usrmgr.exe hours restriction is supposed to be in GMT time. However, when trying to log on a Samba machine, with LDAP backend, it is

Hi all, I've been playing around with the sambaLogonHours attribute to lock down access from some users. This is the real scenario: 1. Admin user "ADM" wants to allow user "foo" only from 6am to 6pm, so he opens his favourite tool usrmgr.exe and set this restriction for user "foo". 2. Next day, some minutes before 8am user "foo" tries to log in, in

Dear Expert, I need to log user's activities (ie. Create, Delete, remove .. etc) .. I have already configured /etc/samba/smb.conf to: syslog = 10 log file = /var/log/samba/%U.%m.log then I try to login as user and remove something there .. but my samba does not log the activities .. please help.. Thanks & Regards Winanjaya *********************** No virus was detected in the

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2130 --- Comment #51 from Damien Miller <djm at mindrot.org> --- Retarget to openssh-6.4 -- You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2188 --- Comment #53 from Damien Miller <djm at mindrot.org> --- Retarget incomplete bugs / feature requests

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2226 --- Comment #55 from Damien Miller <djm at mindrot.org> --- Retarget to 6.7 release, since 6.6 was mostly

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Laurent Bigonville <l.bigonville at edpnet.be> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |l.bigonville at edpnet.be -- You are receiving this mail because: You are watching someone on the CC

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2266 --- Comment #57 from Damien Miller <djm at mindrot.org> --- Retarget incomplete bugs to 6.8 release. --

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Bug 1402 depends on bug 1872, which changed state. Bug 1872 Summary: Support better hash algorithms for key fingerprints (FIPS compat) https://bugzilla.mindrot.org/show_bug.cgi?id=1872 What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED