similar to: Using samba4 to escalate privs.

We are in an environment where several AD domains are being consolidated into one larger domain using sidhistory. The samba winbind configuration is using 'allow trusted domains = no' as we do not care about what is in the other domains (as well as the problem that many of them are unreachable from other locations meaning winbind will choke completely if we don't disallow them). The

Since upgrading from Ubuntu 12.04 (Samba 3.6.3) to Ubuntu 14.04 (Samba 4.1.6), I've noticed some strange problems with our group mappings: First, each of our Active Directory users now has a corresponding group in Linux. I don't remember ever noticing this in Ubuntu 12.04 / Samba 3.6.3. Is this feature new? Is it documented anywhere? (I tried searching online and couldn't find

In our native Win2K3 AD domain, several AD accounts have a sIDHistory that carry SIDs from before the AD domain migration in addition to the "primary" objectSID. Samba 3.0.21c winbindd (with idmap OpenLDAP backend) on domain member servers (running SuSE 9.3 Pro) allocates multiple uids for these SIDs with the same (AD) user name: Primary SID: # getent passwd myuser

IMHO! I just see a skype channel as something good for asterisk. Skype has broad coverage. I can't imagine that skype wouldn't be interested in selling corporate accounts "skype trunk lines". Imagine having unlimited or X amount of continious calls coming in on SkypeIN and out on SkypeOUT from Asterisk. Internal Phones would all talk IAX or SIP to asterisk and use all PBX

Samba version: 4.1.9 Using the idmap_rid backend Case: A Windows AD security group has a historical SID (sidHistory) whose RID matches the RID of a user in the "current domain" For example: (Note the different domain portions of the SID) Current SID of group G: S-1-5-21-1405700021-3363460546-1698178416-30661 Historical SID of group G:

Hello everyone, The bugpoint is changed to escalate remote client return status 255 (per discussion - Re: [llvm-commits] [llvm] r75665 - /llvm/trunk/tools/bugpoint/ToolRunner.cpp) Please find the patch attached. -Viktor -------------- next part -------------- A non-text attachment was scrubbed... Name: ToolRunner.diff Type: application/octet-stream Size: 4710 bytes Desc: not available URL:

At 11:08 AM -0500 7/12/04, Steven Critchfield wrote: >[snip] > >Would it be something people would like to be able to add filters to a >line? Consider normalization as a filter. Monitor could then be moved to >a filter as well. Echo cancel could be a filter. Set it up so multiple >filters could be added and chained together. This could help those with >echo chain a couple of

Hi there. [I just asked this over the irc channel, but since I got no reply, I decided to cross-post here. Please forgive me if that is incorrect] I'm trying to migrate an Active Directory domain (that is being used only for authentication) to a samba3 domain. The network is small enough to rejoin the clients one by one and recreate the user accounts if necessary. However, the new user

I'm using OpenSSH 2.3.0p1. When my users use ssh for the first time, using rhosts authentication, entropy.c drops the privs in prng_write_seedfile() at the setuid(original_uid) line (line 550, approx): void prng_write_seedfile(void) { int fd; char seed[1024]; char filename[1024]; struct passwd *pw; /* Don't bother if we have already saved a seed */ if (prng_seed_saved) return;

http://bugzilla.mindrot.org/show_bug.cgi?id=1249 Summary: pam_open_session called with dropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at

https://bugzilla.mindrot.org/show_bug.cgi?id=1249 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49

Running samba-3.0.23c on Genoo linux Is it possible with smbusers to allow a windows user to have root privleges on a linux share? A stock install of samba on Gentoo ends up with an /etc/samba/smbusers file that contains this mapping: root = administrator admin It appears then that other windows users could as well be mapped to root like: root = administrator admin harry and since I am the

Hello, According to http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4970596 and other notes I read it appears that the ability to run dtrace programs (by having dtrace_proc and dtrace_user privileges configured inside NGZ''s) has been made available (through various projects) since build 37 of Nevada. I am not merely referring to configurable privileges alone, but to

Hi, I'd like to (re-)request permission to edit wiki.centos.org. My username is ThomasDoczkal. I noticed that Cloud/Manage/Ansible is outdated and would like to update it where links to external pages are still available. From there I'd like to update Cloud/* Documentation/* TipsAndTricks/* HowTos/* Best Regards, Thomas

Hello, When I attempt to join the domain using YaST (openSUSE's system configuration tool) or 'net join DOMAIN,' it prompts me for a network admin's username/password. The IT network admin already manually joined the machine to the network's AD domain (server-side), but Samba still needs a username/password. The workstations are batch-installs and are unattended, so we need a

Make your models feel like they are in high school again. This plugin retrieves the most frequently occurring values for each column. It adds methods of the form most_popular_[pluralized_column_name]. Check out <http://shanesbrain.net/articles/2006/08/04/acts-as-most-popular-rails-plugin> for sample usage. The plugin is mostly just a group_by in disguise. It is probably overkill if you

Greetings, We recently moved our Samba PDC from one linux-based samba server to another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and the new PDC has the same IP address, host name and overall config. (same version of samba, same kernel, etc) Since moving the PDC, Windows XP workstations no longer recognize the smb.conf defined "admin users" as domain

Hi all We have a 100kVA GE LP Series UPS. I can't find this series in the HCL, but other GE UPSes are listed. Would it be possible to somehow use NUT with this UPS? -- Vennlige hilsener / Best regards roy -- Roy Sigurd Karlsbakk (+47) 98013356 roy at karlsbakk.net http://blogg.karlsbakk.net/ GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt -- I all pedagogikk er det

Hey All, After RTM, web page and searching the archives, I felt it worth a shot at mailing the list with my query. I am looking at using rsync and various third party GUI's (rsyncX, nasbackup) to backup our departmental desktops to our nice new multi-terabyte fileserver. When we run rsync in daemon mode, it of course runs as nobody:nogroup and I am aware of being able to set that to any

Hi all Trying to setup dovecot with mysql and postfix, I have configured it as given below. thecot user has the dovecot group as primary, and is also a member of mail and dovecot-users. Still, it can't setgid to dovecot-users. I tried changing the shell for the dovecot user to something useful and chmod'ing a file to dovecot-users, and it work well. Still, no mail comes through