similar to: Newbie question - force file permission to user's secondary groups.

Hi all, I just installed dovecot-1.0_beta2 and love it! However, I've run into issues using multiple authentication databases. I use both pam (for users on my system) and sql (for virtual users). I've noticed that if I have system user "userabc" and virtual user "userabc at otherdomain.com" (two distinct users) and my "auth default" section contains these

Dear all, We recently upgraded an old samba 3.0.10 to 3.4.6 due to broken quota when moving from Veritas to NFS mounts from a Cellera EMC. Anyway, Our samba passwd backend is a smbpasswd file. This file is generated from a database. Recently we see that some PC clients manage to change the LANMAN field in the smbpasswd file. e.g.

Hello Gang, I''m working on scaling my puppet solution, and I''m deploying multiple masters w/ passenger that are going sit behind a load balancer. If anyone is using these type of setup, would you share how you deal with the SSL certs? I''ve been following Bode''s Blog (http://bodepd.com/wordpress/?p=7), and it''s not working to good for me.

I have winbindd running. I run wbinfo -a userXYZ%pass and it succeeds Now I want to know if userXYZ is in group "monkeys", but I dont want to have to have to map anything. Is this possible? Is there a way to just say "give me the windows group names that userXYZ is in?" or "is userXYZ in windows group name 'monkeys'?" Thanks! - Jeremiah

> > If by "key" you meant keytab then you were right. A keytab is a file > dedicated to contains credentials (https://kb.iu.edu/d/aumh or > http://web.mit.edu/Kerberos/krb5-1.12/doc/basic/keytab_def.html). > > Keytab are used when you want to automate actions which need > authentication. When some automated action requires credentials you > have to provide

hi, my scenario is this: i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. on host1: #!/usr/bin/perl -w ... $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` ... but i get "Host Key Verification failed" on my apache's error_log. i can do it on the command line,

Hi Samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? The server side is WD MyBook World Edition II and the export directory is: /shares/internal/Music/ on the client site I am mounting the directory to /mnt/mybook-music the client is an ubuntu server $ uname -a Linux tsunami 2.6.24-22-generic #1 SMP Mon Nov 24 18:32:42 UTC 2008

Mathias, thanks again! This sounds like a very reasonable approach. I know that with remote ssh and public key authentication you can set the limit to a single possible command. is this also possible with AD users? Unfortunately, I don't have 'multiuser' support in my current cifs-utils version 4.8. So I would end up with your designated user being the owner of all the files and

Am 04.11.2015 um 14:49 schrieb mathias dufresne: > 2015-11-04 13:58 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>: > >> Mathias, thanks again! This sounds like a very reasonable approach. I know >> that with remote ssh and public key authentication you can set the limit to >> a single possible command. is this also possible with AD users? >> > I'm

First please note the following is not really linked to your NFS question, it's more related to automation, credentials everywhere and how to secure them a little bit. The point dealing with keytab or credentials in general when used for automation, as these credentials can potentially used by some attacker, is to create dedicated user which can perform only what it is supposed to perform.

So finally here is the solution that works for me. If you have any questions, just ask. I use pam_mount with the following volume definition in the "/etc/security/pam_mount.conf.xml": <volume fstype="cifs" server="server" path="home/%(USER)" mountpoint="/home/%(USER)" sgrp="domain users"

2015-11-04 13:58 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>: > Mathias, thanks again! This sounds like a very reasonable approach. I know > that with remote ssh and public key authentication you can set the limit to > a single possible command. is this also possible with AD users? > I'm interested by the restriction to only one command for users. The only I see that

Very interesting thread! Thank you all for sharing your thoughts and knowledge. Regards Davor -- Skickat från mobilusken! -- ----- Ursprungligt meddelande ----- Från: "Ole Traupe" <ole.traupe at tu-berlin.de> Skickat: ‎2015-‎11-‎04 15:29 Till: "samba at lists.samba.org" <samba at lists.samba.org> Ämne: Re: [Samba] Pam_mount not working with "sec=krb5"

>> I mean, putting the key in the keytab looks like a security risk to me. > In what way does it appear any more of a risk than having the keys > which you have there already? Even if someone steals the keytab, > they're gonna be hard pressed to crack the key in the few hours before > the tgt expires. Do you have very sensitive data maybe? Ok. And maybe I misunderstood

> However, I have two objections at first glance: > a) if you remove AD access for an AD user, this user can't mount samba > shares, because he won't get authenticated correctly (on the Samba file > server sharing the homes), no? Looks correct to me what your saying, But how are you removing ad access from an AD user? > b) if you use NFS, and I tried that, and a user

Hi samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? I have two servers. The samba server is a Western Digital World Edition II (2) server. The samba client (server) is running Ubuntu-kernel linux-2.6.24-22-generic The samba server is exporting the directory: /shares/internal/Music/ The client is mounting the exported directory to

hello our AD domain is hosted by two samba AD domain controllers version 4.12.6 - replication between controllers is fine, no problems. - no schema errors. - no database errors, all fine. - no CPU utilizations - wthout noticeable bandwidth utilization Recently we have deployed Azure AD connector on dedicated windows system (system is domain member server). since this deployment we are observing

Hi all, I run Samba 3.0.28a-1ubuntu4.7 on a Ubuntu 8.04/x86_64 Xeon box. On one huge XFS file system, I have several shares, which have XFS project quotas applied. Looking at the file system info in Win (both 2k and xp), I see a *very* strange size display (see screen shot). Linux tells me about the folder hosting the share: root@mybox:~# df -k Filesystem 1K-blocks Used

Hello, I have a big Problem here: samba 3.5.6, LDAP, 200+ Users. Some users can't logon to a share anymore, where they still could login last week. net rpc user info userxyz gives the groups group1 ... group8 but not the group group9 but net rpc group members group9 gives me ....... domain\userxyz ....... So, the user is a member of the group9, but his membership is not listet in net

On 04/11/15 18:30, Ole Traupe wrote: > So finally here is the solution that works for me. If you have any > questions, just ask. > > I use pam_mount with the following volume definition in the > "/etc/security/pam_mount.conf.xml": > <volume fstype="cifs" server="server" path="home/%(USER)" > mountpoint="/home/%(USER)"