Displaying 20 results from an estimated 1000 matches similar to: "using spn with winbind"
2023 Jun 17
2
using spn with winbind
On 16/06/2023 19:49, Stefan Kania via samba wrote:
> Hi,
>
> with sssd i can do:
> $ ssh user at domain.tld@HOST1
> $ id user at domain.tld
> $ ls -al /home/domain.tld/user
> drwx------ 5 user at domain.tld domain users at domain.tld? 103 12. Jun 14:14 .
> $ grep AllowGroups /etc/ssh/sshd_config
> AllowGroups lokale_gruppe samba_gruppe at domain.tld
>
> When
2024 Jan 08
2
winbind offline logon
On Sun, 7 Jan 2024 15:00:27 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! bd730c5053df9efb via samba
> In chel di` si favelave...
>
> > idmap config smadom:schema_mode = rfc2307
>
> Sorry but is a bug of RFC2307:
>
> https://bugzilla.samba.org/show_bug.cgi?id=15405
>
Sorry, but allowing for bug 14618, it works for
2024 Jan 10
1
winbind offline logon
Hi all!
On Monday, January 8th, 2024 at 08:23, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sun, 7 Jan 2024 15:00:27 +0100
> Marco Gaiarin via samba samba at lists.samba.org wrote:
>
> > Mandi! bd730c5053df9efb via samba
> > In chel di` si favelave...
> >
> > > idmap config smadom:schema_mode = rfc2307
> >
> > Sorry but
2010 Dec 23
2
Multiple AllowGroups entries in sshd_config with Puppet and Augeas
Hi,
After extensively looking into puppet + augeas for managing the
AllowGroups in sshd_config, I came to the conclusion that it won''t
work as I expected :( So I''m sharing my thoughts here.
The main objective is allowing multiple groups per-node, depending on
what the security team wants. Since I want this to be dynamic, I
created a define in a class:
class ssh::server::config
2016 Apr 11
1
SerNet - Samba 4.3 and ssh password logins
Hai,
I have
AllowGroups sshlinux, sshwindows
Add at least 1 user in the linux group and at least 1 in the sshwindows group.
Make sure the sshwindows group have a GID.
And make sure the windows user loggin in in ssh als have a UID.
AND for both, UID 1000+ ( which is in debian the default PAM setting ) .
This is base on a "MEMBER" server.
If you do :
getent windowsuser
You
2003 Feb 16
2
AllowUsers Change
Markus, ignore the other stuff I sent.. I need to go back to bed and stop
trying to code.. <sigh>
For everone else.. Will this make everyone happy?
This does the follow.
it will always honor AllowUsers.
If there is no Allow/DenyGroups it stated they are not in allowUsers. IF
there are AllowDenyGroups it tries them. And then stated they are not in
either AllowUsers nor AllowGroups
2003 Feb 12
1
((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Hey everyone,
After discussing the AllowGroups I think I've discovered a bug.
The system is a solaris 8 system and the problem is that when I use
AllowGroups with no AllowUsers args, the proper actions happen. Same
with AllowUsers and no AllowGroups. When I try to combine the two, none
of the Allow directives seem to take.
Is it just me or maybe a bug?
-James
2023 Mar 02
2
Multiple AllowGroup lines in sshd_config?
Hi!
I'm experimenting with migrating the custom sshd_config settings for our
(Debian bullseye, openssh-server 8.4) server environment into fragments
under sshd_config.d/, and am wondering about sshd's behaviour when
encountering multiple AllowGroup lines.
The manual states "For each keyword, the first obtained value will be
used.", so that gives me the impression that any
2004 Aug 09
1
Question about AllowUsers and AllowGroups
While testing some AllowUsers and AllowGroups combinations I was surprised
to find that one cannot be used to override the other. For example:
AllowGroups administrators
AllowUsers john
If john is *not* part of the administrators group, then access is being denied.
Is this the expected behaviour? This would force me to create another group just
for ssh, something like ssh-admins.
This other
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
2012 Aug 10
1
AllowUsers "logic" and failure to indicate bad configuration
I smacked into this previously reported bug today whereby an invalid
keyword in the Match{} stanza did not throw an error on configuration
reload. Are there any plans to fix this? Likewise the penchant for some
fields to be comma separated and others to be spaces is just asking for
mistakes. Why not support both and be done with it? There was no response
(that I saw in the archives) to this post
2002 Mar 26
5
Winbind/Samba + sshd incorrect groups
I'm currently running it on a test server (before I roll it out to our 6
live Linux box's)
And its starting to drag on and drive me mad.
O/S: RedHat 7.1
Samba: 2.2.3a
Ive got the whole system working nearly perfectly, as samba uses the
'MMGROUP+Domain Users' as the primary group, I wanted to restrict who can
use SSH and samba on the workstations.
So I created a specific group
2005 Mar 14
6
[Bug 999] AllowGroups ,DenyGroups failed to report hostname
http://bugzilla.mindrot.org/show_bug.cgi?id=999
Summary: AllowGroups ,DenyGroups failed to report hostname
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2011 Jun 30
2
Limit SSH access for users from defined source address
Hi all,
let me describe my environment and problem.
System is RHEL 5.6 with latest stable OpenSSH.
In sshd_config is defined "AllowGroups sshusers" but I need limitation
to some of users in group to have access only from defined IP address.
As I know this can be setup in sshd_config only for AllowUsers, but
users in group are changed so I must use allowgroups instead of
allowusers.
2009 Mar 02
31
Using Augeas type to update sshd_config's AllowGroups
Hey gang,
I seem to be having a brain disconnect on how to get the Augeas type to
manage things that have multiple values (i.e. an Augeas tree) via Puppet.
If I run this in augtool:
augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser
augtool> save
I see this in /etc/ssh/sshd_config:
AllowGroups sshuser
However, if I try this in an Augeas type:
augeas {
2009 Dec 29
2
[Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
https://bugzilla.mindrot.org/show_bug.cgi?id=1690
Summary: AllowUsers and DenyGroups directives are not parsed in
the order specified
Product: Portable OpenSSH
Version: 5.3p1
Platform: ix86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: trivial
Priority: P2
Component:
2018 Aug 07
2
id <username> - doesnt list all groups
Thank for your answer:
But i dont know understand why is following not working:
I want to restrict the ssh access for a special domain member:
In my "sshd_config" i added:
AllowGroups restrictaccess root
With user2 im able to login via ssh!
log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE
With user1 im not!
log: User user1 from 192.168.0.100 not allowed
2016 Apr 29
1
Need help
Good morning.
I need help getting Samba to work the way I would like it to work.
Situation:
I have two AD domains (2012R2), DOM-A and DOM-B. I have elected to not use any SFU or RFC2307 extensions as MS has depreciated those features.
DOM-A has a group, "sysadmins", which has users in it.
DOM-B trusts DOM-A. DOM-B also has a group "trusted_sysadmins", the member of which
2020 Sep 28
4
Debian client/workstation pam_mount
The "short" version on why multiple groups here.
For all my member servers apply the following.
This line :
> > AllowGroups servers-ssh sshgroup
There are 2, linux only Admin accounts, ( local accounts )
And, only if these are member of the "local group" sshgroup
then your allowed to login.
Only users that are allowed to login with ssh on these servers
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938
Summary: "AllowGroups" option and secondary user's groups limit
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at