similar to: Samba selectively obeying pam restrictions

Hi, I've stumbled upon this problem while trying to limit access to specific machine to specific domain users. I did it by setting Samba to obey PAM restrictions, and then using the pam_access PAM module ('account' clause) to do user validation (described below). On Win2000, this works fine - if an unauthorized user tries to login, Win2000 says 'Account not permitted to

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using

Hi folks, I want to restrict root access via ssh to certain (internal) hosts. That is what pam_access.so is for, I thought, so I configured: in /etc/security/access.conf I added (nothing in there before): + : root : 192.168.123.0/24 10.72.0.0/16 - : root : ALL in /etc/pam.d/ssh I added at the end: account required pam_access.so Then I restarted the ssh server. Basically, this kinda works.

I just realised that pam_access no longer works under CentOS6 - or it works differently from CentOS5. Under CentOS5, I used this configuration to restrict access to root only: # cat /etc/security/access.conf + : root : ALL - : ALL : ALL # cat /etc/pam.d/system-auth-ac ... account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only

the new cron in 4.2 activates the pam access module. if you have been using that to control ssh access or other things, now suddently cron is going to use it as well. this only seems to affect user crontabs and crontabs in /etc/cron.d. from some digging around i was able to determine that cron sets the tty to 'cron', so you can just add a line like: +:ALL:cron to

I've discoverd when I add the line pam_access for access authentication, It always denys a login, even when access.conf accepts everything. I've tested this with other programs, and they work okay. Any ideas?

I'm using Dovecot 2.1.15. I need to require encryption and only secure auth on public addresses, but allow plaintext auth over an unencrypted connection on localhost. I have so far (excerpts from `doveconf -a`): auth_mechanisms = cram-md5 plain disable_plaintext_auth = yes listen = service imap-login { inet_listener imap-local { address = ::1 port = 143 ssl = no }

I have the following share in my smb.conf : [cdrom] comment = Samba server's CD-ROM writable = no locking = no path = /media/cdrecorder public = yes When I go to that share from a Windows workstation it does still lock as you can see: [root@pc843 ~]# lsof | grep cdrecorder smbd 9647 root 20w DIR 22,0 2048 1792 /media/cdrecorder smbd

here is the situation i am using htb.init with fwmark to do QoS. i have 2 parent classes with RATE=CEIL which then have some leafs each on his own. the first one works fine (it shapes the packets to the specified rate) class htb 1:21 root rate 1Mbit ceil 1Mbit burst 2909b cburst 2909b Sent 631520262 bytes 651550 pkts (dropped 0, overlimits 0) rate 131573bps 141pps lended: 380595 borrowed: 0

Sorry Andrew, I forgot to send to the list. -------- Original Message -------- Subject: Re: [Samba] CIFS Mount Obeying ACLs Date: Wed, 27 Feb 2013 09:32:48 +0100 From: steve <steve at steve-ss.com> To: Andrew Martin <amartin at xes-inc.com> On 27/02/13 01:03, Andrew Martin wrote: > Hello, > > I have configured a Samba 3 fileserver (on Ubuntu 12.04) joined to a Samba

Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.

Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf

Hi all, let me describe my environment and problem. System is RHEL 5.6 with latest stable OpenSSH. In sshd_config is defined "AllowGroups sshusers" but I need limitation to some of users in group to have access only from defined IP address. As I know this can be setup in sshd_config only for AllowUsers, but users in group are changed so I must use allowgroups instead of allowusers.

Hi List, I have an unusual problem concerning the Windows XP "Rotate" image explorer shell extension. I have a share called "Archives" defined with a number of sub-directories. Whilst I have read/write permission to all directories, I am unable to use the Windows XP "Rotate Clockwise" or "Rotate Counter Clockwise" image command on JPG's contained

I was wrong, the problem persists, it is not because of the DNS. You have the same configuration as me, but with two domains controller ? On 07/06/2016 18:05, Alexis RIES wrote: > I think I found my problem, when configuring my second domain > controller, I have created by mistake a round robin DNS entry on > "Forward Lookup Zones -> ad.samdom.local". > I speak of

On 07/06/16 17:05, Alexis RIES wrote: > I think I found my problem, when configuring my second domain > controller, I have created by mistake a round robin DNS entry on > "Forward Lookup Zones -> ad.samdom.local". > I speak of round-robin because I have two fields A pointing to the > same domain > > Now I'm lost, you have a second domain controller in

I put the usermapping but this does not solve the problem. I do not use libpam_winbind and libpam-krb5 because I did not need to log in server using domain accounts, it seems to me that this is not mandatory, you confirm ? Here are the permissions of the file /etc/krb5.keytab: root at smb1:/home/adminlocal# ls -l /etc/krb5.keytab -rw------- 1 root root 2312 Jun 7 14:44 /etc/krb5.keytab Avahi

Hi, I used the DNS management console, right click on zone and "export list". I use Bind9, and yes it is configured. Alexis. On 07/06/2016 18:29, Rowland penny wrote: > On 07/06/16 17:05, Alexis RIES wrote: >> I think I found my problem, when configuring my second domain >> controller, I have created by mistake a round robin DNS entry on >> "Forward Lookup