Displaying 20 results from an estimated 2000 matches similar to: "A couple of quick questions"
2006 Sep 22
1
ssh login through AD solution
Thanks to Anthony Ciarochi at Centeris for this solution.
I have a Centos (Red Hat-based) server that is now accessible to AD users
AND local users via ssh. I can control which AD groups can login using the
syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite
different than Debian's "include" based pam.d,
cat /etc/pam.d/sshd
#
2018 Jun 01
2
GSSAPI vs group check
Dear All,
Is it possible to make any authorization (eg. checking of group
membership) in case of GSSAPI authentication?
Our dovecot authenticates the users against PAM and GSSAPI. In the PAM
file I'm able to check if a user is a member of a selected (e.g.
mailreader) group. If the user is a member, he can log in, otherwise not
(see below). If the user has a valid Kerberos ticket and he
2013 Jan 24
3
require_membership_of is ignored
I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user.
The problem is, I can log on as any AD user.
require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in.
I've put this option in both
2012 May 31
1
Tangential Issue: idmap backend = ad and Active Directory 2008R2
Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this?
Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in
2009 Sep 16
1
locking down ssh when using winbind
Hi all,
I'm using samba with winbind which has been integrated with Active
Directory.
In the smb.conf file, I have
template shell = /bin/bash
winbind use default domain = yes
to allow ssh but I don't want all the domain users to be able to ssh.
Is there a way to only allow (for example) domain\ssh_group which is an
active directory group to be able to ssh into the server?
This is my
2024 Jun 12
2
use of ‘idmap_ldb:use rfc2307 = yes’ in DCs
On Wed, 12 Jun 2024 09:00:47 +0200
Christian Naumer via samba <samba at lists.samba.org> wrote:
> On 11.06.24 at 19:37, Luis Peromarta via samba wrote:
> > Correct, and I have done so and explained extensively at the
> > beginning to this thread.
> >
> > Question is:
> >
> > Should we stop telling people to provision with idmap_ldb:use
> >
2012 May 24
2
Samba as member of multi domain AD (nss/pam)
Hi list,
I'm looking for someone out there, using samba as a member
server in a multi-domain Active Directory forest (maybe even
with nss_/pam_winbind for unix users/groups).
It took quite a long time to get things working at all here, and we're
still not really comfortable with our current solution (especially
the unix nss/pam part).
I'd be glad if someone out there was interested
2012 Feb 23
1
Error accessing others domains in forest
Hello all.
After last update (from winbind-3.5.3 and krb5-1.8.1 to winbind-3.5.10
and krb5-1.9.1) users from a trusted domain can't authenticate any more.
Machines are joined to domain PERSONALE, and users from domain STUDENTI
aren't recognized. Domains are handled by W2k8 or W2k8r2 (I have no
control on these).
Last lines from /var/log/samba/log.wb-STUDENTI report:
[2012/02/23
2011 Nov 30
1
Failing identification of users in trusted domains?
Hi all.
I'm getting mad at this.
I use winbind to authenticate users in multiple domains from AD. The
config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva.
Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE)
I get the correct info, but if I do a 'winbind -i
STUDENTI\\another.name' the answer is a 'Could not get info for user
2012 May 29
4
idmap backend = ad and Active Directory 2008R2
Hello All,
I'm trying to set up linux ssh/shell authentication on a CentOS_6.2 server
running smbd version 3.5.10-114 using winbind/smb/pam. We've done this
successfully using the tdb backend but wanted users to get the same UID/GID
on every machine. Switched to rid for the backend but users still got a
foreign number for UID and their default group was always Domain Users. So
I'm
2020 Sep 11
4
Winbind offline cache and strangeness...
I've set up a portable system (ubuntu 16.04) joined to my AD domain,
that works as expected in its primary network.
But in this 'COVID time', the portable started to roam around, and users
tell me that, suddenly after some days of use, it gets incredibly
sloooowww... after that users reboot, and cannot get back in, login
refused.
I've setup a VPN, but clearly if users cannot login
2009 Nov 19
1
Other troubles
Hello again.
There are some more issues I still couldn't fix, and can't say if it's
only a misunderstanding on my side, something that can't be done or a
bug (I doubt).
1) In our organization we have two "primary" domains (a lot of others,
but they're not interesting here). I tried changing the default
'PERSONALE' (where machine is joined) to
2008 Feb 20
0
samba, PAM and active directory
Hi,
I want users to be able to log on (SSH and console) to a
Debian box through Active Directory. I still
want the root user to be able to log on (SSH and console), so I
created a wheel group for that.
I can log on successfully with all AD and root
users. However, I'd like to limit the AD users to the
technology domain group.
I've googled a lot:
2008 Jun 04
1
Problem with Login Shell in User Information using Winbind
Hi all
I am trying to get windows AD logins to work with Fedora 8/9 linux. I had
the same setup working well with fedora 7, but with fedora 8/9 the
problem is whenever I do "getent passwd 'username'" the login shell is
listed as /bin/false and users cannot login , even though I have set it
to use template shell= /bin/bash in the smb.conf configuration file.
Also I have made
2007 Mar 09
4
Adduser help
at
http://wiki.openpbx.org/tiki-index.php?page=Easy+route+to+building+OpenPBX.org
there is the following adduser command:
adduser --no-create-home --ingroup openpbx --disabled-password
--disabled-login openpbx
This does NOT seem to be the right format for Centos. So far, using
man, I have come up with;
adduser -M -g openpbx
What else do I need?
2018 Jun 08
0
GSSAPI vs group check
Dear All,
We are having a very similar issue with dovecot 2.2.34 as ?kos. We want
our users to authenticate via GSSAPI over Kerberos using their TGT.
Our setup is two distinct locations with their own dovecot's with access
to these being handled via LDAP auth mechanism with filters to check for
their group memberships, i.e. users from location A are in group A and
users from location B
2013 Aug 22
1
Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"
Okay, so I have an Active Directory server running on Windows Server 2012 Standard
I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly.
I am able to login with my Active Directory users credentials.
When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.
2013 Jun 19
1
"The account is not authorized to login from this station"
Good Day,
I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows :
* Windows 2008 RC2
* RHEL 5.9
* Windows 7
* Windows XP SP3
* Samba 3.0.33-3.39.el5_8
All machines, including the RHEL Server, have been added to the Domain running on the Windows 2008 RC2 Server.
As per the subject, when trying to connect, from XP or Win 7, to the shares I
2007 Nov 14
3
Sso the Linux way?
So I was googling around about this over the last week and here is what I
found:
nis/yp is for some reason bad.
Kerberos is holy, but no how-to's that don't involve windows and active
directory.
What is the recommended sso approach for centos? Where are there examples /
docs to follow?
Jason
2007 Sep 09
1
user / machine / group scripts, some work some don't
Hi List,
I have some issues with user manager for domains (srvtools.exe from MS)
and the scripts mentioned in the subject. The examples from the samba
howto collection seem to cause serious issues here. I am on debian etch
and tried to create my own scripts but until now to no avail. With the
examples from the docs I could add groups, but could not add users to
groups. There was the option -A