Displaying 20 results from an estimated 1000 matches similar to: "restrict ssh login by Win2K AD group SOLVED!"
2006 Sep 12
1
samba/PAM/winbind/ssh
I have the winbind login working on FC5 but now logins to local accounts
cannot authenticate.
My config files are here:
http://www.pigeonnier.org/nsswitch.conf
http://www.pigeonnier.org/pam.d/
http://www.pigeonnier.org/krb.conf
Again, if I try to ssh in as a user that exists only as a local account on the remote
host, I am rejected. User msh is -not- an AD account and only exists on the
FC5
2006 Sep 12
1
SELinux
I have been struggling with getting my Fedora Linux clients to be able to
authenticate to a Microsoft AD in the past week and wonder how much of the
problem was due to SELinux. My Debian machines can accept AD logins and even
create home directories and dot files from /etc/skel. I know FC5 does PAM
differently than Debian, but I'm wondering, does anyone on this list have
winbind logins to FC5
2006 Sep 22
1
ssh login through AD solution
Thanks to Anthony Ciarochi at Centeris for this solution.
I have a Centos (Red Hat-based) server that is now accessible to AD users
AND local users via ssh. I can control which AD groups can login using the
syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite
different than Debian's "include" based pam.d,
cat /etc/pam.d/sshd
#
2009 Feb 18
1
v1.2 can't set ACL to empty string
Hi *,
according to RfC4314 the rights argument to the setacl command might be
an empty string ("zero right characters"):
The third argument is a string containing an optional plus ("+") or
minus ("-") prefix, followed by zero or more rights characters.
existing clients (horde in particular) actually use this to remove all
rights from a user.
Currently
2008 Oct 09
1
dovecot 1.2: dict no longer really support DICT_ITERATE_FLAG_RECURSE
Hi,
In dovecot 1.1, I could use DICT_ITERATE_FLAG_RECURSE when iterating over a
dict to retrieve all entries that start with a given prefix. This doesn't
seem to work anymore in the new dict implementation in dovecot 1.2. Looking
at the SQL queries actually generated, it seems as if dovecot 1.1 used to
generate queries that use pattern matching (key LIKE "my/prefix/%") whereas
2006 Mar 02
2
Problem with Universal Groups
Everyone,
With many thanks to Jerry, my cross domain authentication is now
working. This leads to a new problem. I cannot get samba to
authenticate a remote domain user in a Universal group to authenticate
properly.
Here are the details:
USTR-LINUX-1:~ # wbinfo --name-to-sid=NA\\USTR-LINUX-1-REDHAT-READ
S-1-5-21-725345543-2052111302-527237240-349134 Domain Group (2)
USTR-LINUX-1:~ # wbinfo
2006 Apr 06
2
Java: How to interact with ruby generated fields
Hello community,
I'm new to rubyonrails and to this Forum. I have to call 2 Fields,
generated by ruby, from a javafunction (onSubmit) but when I use this
example it didn't work, why?
<%= start_form_tag({:action=> "show"}, { :onSubmit
=>"post[testfieldone].value=examplefunction(post[textfieldtwo].value+post[textfieldthree].value);"
}) %>
2008 Oct 28
4
patch: list shared namespace
Hi,
I've been working on a patch for dovecot 1.2 from the Kolab branch
(http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/) that
implements listing of shared namespaces. I've got something that works
in some basic way but is still missing some pieces. See the attached
patch, which also contains some installation and configuration notes.
Implementation notes:
One of the main
2006 Feb 16
3
Samba does not work with new AD groups
Hi all,
I've configured a system to authenticate with an AD 2k3 domain (all
domain controllers have SP1) using winbind. I have joined the server to
the domain as well. I created some shares to work with AD groups.
Here's a quick snippet of a share from my smb.conf file:
[test]
comment = test share for winbind testing
path = /u01/test
write list =
2003 Apr 15
1
Two --bwlimit issues
Hi,
I have two issues with the --bwlimit parameter to rsync which are not
mentioned in the FAQ (please correct me if I am wrong):
1. When both an rsync client and an rsync daemon specify the --bwlimit
parameter, the client's value overrides the server's value. This could
be used in a DOS attack if the client uses a larger value than the
server intended. The documentation also is
2008 Jun 04
1
Problem with Login Shell in User Information using Winbind
Hi all
I am trying to get windows AD logins to work with Fedora 8/9 linux. I had
the same setup working well with fedora 7, but with fedora 8/9 the
problem is whenever I do "getent passwd 'username'" the login shell is
listed as /bin/false and users cannot login, even though I have set it
to use template shell = /bin/bash in the smb.conf configuration file.
Also I have made
2007 May 04
3
Possible problem w/ 'idmap restore' under 3.0.25rc3
Folks,
Maybe it's me, or my systems, but I've found that idmap restore
simply doesn't work under samba-3.0.25rc3.
When I try to import the idmap.dump file I create from one of my
older systems into a fresh 3.0.25rc3 installation, I get a huge
stream of errors along the line of "could not set mapping of
(UID|GID) to sid xxxxx". This happened whether I was using
2006 Feb 17
1
Domain User access control in the smb.conf
Hi All
My system is Freebsd 5.4 and Samba 3.0.21a. I am using ADS for system
security. In my smb.conf, I create a share like that.
[Test2]
comment = Test
path = /usr/tmp/
valid users = @"Domain Admins",@"Domain\myaccount"
The domain administrator can access the share folder, but I can't. It
keeps asking me the username and password.
The samba is
2006 Feb 16
2
Samba version and ports
I have been unable to find what version of Samba is running on a
particular HP/UX server. The information is not included in the
../samba/lib/smb.conf where I am used to finding it. Also, I can not
tell what port they have configured on this box. Any tips?
John R. James, Jr.
Unix Engineer
PTSRICT Team
Acxiom, Corporation
(501) 342-0455
2006 Feb 16
1
Joining a trusted domain
Hello,
I've come across a fairly unique situation and after much searching have
not found a solution. I thought I would see if anyone here has had any
experience with this before.
I have a location with two ADS domains with a two-way trust configured.
-For this example I will call them corp.company.com and bst.company.com.
-I have a FreeBSD client running Samba version three
-I want to
2011 Sep 16
1
shell login with multiple domains via trusts
It's been a long journey, bear with me.
We have multiple domains, that have interdomain trusts in separate forests.
I can successfully authenticate via "wbinfo -A A\\userA" and "wbinfo -A B\\userB"; same with -K.
The host is joined to AD "A". UserA can authenticate successfully and get a shell.
However I desire B\\UserB to also be able to login as well.
2006 Feb 16
1
kerberos error when users in trusted win2k domain try to browse samba server
I have users from Domain A trying to browse a domain member samba server in
Domain B. Domain A and Domain B are both Windows 2k domains. Domain B has
a one way trust to A. A users can browse Domain B Windows server with no
problem so I know the trust is fine. Samba version is 3.0.21b on RH Linux ES
3.
The winbindd log is giving me the following error:
[2006/02/16 08:28:50, 0]
2007 May 24
1
NFS locking ...maybe?
Hi folks,
After some more trial and error, I was able to get a bit further in
the game with the permission issues I had (previous message was titled
'Samba permissions...) Now I'm able to get onto the system, browse and
read/copy/delete files off of the shares. What I can't do is put stuff
on because I get a locking error.
The setup is as follows:
Server 1 -->
2006 May 05
2
SElinux and Samba
Ok, so there is not a problem with SElinux and Samba. But it is a
pain to set up so it will work right. I finally figured out how to
set up SE and Samba so you can be able to write and delete files.
I found in one of the man pages "man samba_selinux", you can just
disable SE for samba. I am sure there are other ways also but this
is what I have found so far. I tried to just
2006 Feb 06
6
Samba rpm and /var/*/samba directory for .tdb files
Hi,
I use CentOS4 (RHEL4) and it seems that I was using /var/lib/samba
for storing the .tdb files. Then I compiled the fedora .src.rpm from
samba.org
and it points now to /var/cache/samba
I will build tonight the .rpm from the .tar.gz and see which directory samba
chooses for the .tdb files in CentOS4.
Anyone can confirm this list of distro/.tdb directory:
Fedora: /var/cache/samba
CentOS4: