similar to: pam_access.so restrictions not working - syntax errors?

Hi, I am having a strange problem, where I cannot get pam_access to work as intended. I have placed the following line in /etc/pam.d/system-auth account required /lib/security/pam_access.so Then, in /etc/security/access.conf, I have put the following line: -:mok:10.14.44.104 I.e. I should prevent myself from logging on from host 10.14.44.104. However, when I try to log on (using

Dear all, I have set up one unprivileged Domain-1 with help of FedoraQuickStart and some help from you. Now I want to install some other OS to Domain-2. How can I install a different OS (say Redhat 7.3) onto a unprivileged domain? Do I have to copy all files from an existed installation to an image file? Thanks, Koala _______________________________________________ Xen-users mailing list

I just realised that pam_access no longer works under CentOS6 - or it works differently from CentOS5. Under CentOS5, I used this configuration to restrict access to root only: # cat /etc/security/access.conf + : root : ALL - : ALL : ALL # cat /etc/pam.d/system-auth-ac ... account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so

Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba. Here is my /etc/pam.d/samba file: auth required pam_winbind.so debug account required pam_access.so account sufficient pam_winbind.so debug account include system-auth session include system-auth session required pam_winbind.so debug My

Hello, I''m trying to build XenLinux 2.4.30 on debian. I get the following error for make linux24 make[2]: *** No rule to make target `skbuff.c'',needed by `/usr/src/xen-2.0/linux-2.4.30-xen0/include/linux/modules/skbuff.ver''. Stop. Could somebody help me resolve this error. Or if this is some problem with the system configuration that I''m using, could

Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

I've discoverd when I add the line pam_access for access authentication, It always denys a login, even when access.conf accepts everything. I've tested this with other programs, and they work okay. Any ideas?

Hi folks, I have set up a cluster on CentOS 5.2 using /etc/cluster/cluster.conf - and it works fine. It's only purpose is to switch a virtual IP between two routers. Now the service is running, I can ping the virtual IP from outside - but this virtual IP is not bound to any interface. How does this work? Can I force the cluster to bind it to a certain interface? I need this because the

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

Hi folks, I am stuck with a weird phenomenon. I have set up two servers as xen servers with bonded interfaces (mode 1). The bond interface works fine on both servers as long as xen is not used. When using xen's network-bridge script (with netdev=bond0), one server works fine without problems, and the other starts upping and downing the slave interfaces of the bond in a very fast manner

Hi folks, I have a sophisticated question for which I can't find any hints on the web: If you configure init (via /etc/inittab) to respawn processes (like the getty processes) when they exit - how often does init check for the existence of such a process? Does it check actively at all or does it rely on some kind of inter process communication? I am not a programmer, so maybe the second

hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only

I have configured my vsftpd with virtual users all of which are mapped to a system user for file system permissions (let's call him 'ftpsystemuser'). That means, if someone uploads files they are writting using owner and group of the system user: > -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. M?r 11:24 Termine > Leistungspr?fungen.doc Now we have the phenomenon that

Hi, I've stumbled upon this problem while trying to limit access to specific machine to specific domain users. I did it by setting Samba to obey PAM restrictions, and then using the pam_access PAM module ('account' clause) to do user validation (described below). On Win2000, this works fine - if an unauthorized user tries to login, Win2000 says 'Account not permitted to

I am running several CentOS 5.2 servers with similar configuration. On all of them I received the following error when using a certain perl module: > Base class package "Class::Accessor::Fast" is empty. > (Perhaps you need to 'use' the module which defines that package > first.) On most of the servers installing Class::Accessor::Fast manually via CPAN shell has

Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf

Hi folks, I started testing the antispoof feature of xen stable (2.0.7). I am stuck with it. I have setup a standard bridged environment. I understood it like this: in domU config I set up the virtual NIC like vif = [ ''mac=ae:00:00:78:78:78, ip=192.168.0.100'' ] Then I configure /etc/network/interface of this domU to show the same IP address for eth0. After restarting

Hi all, when I try to use Xnest with setxkbmap to force a Germany keyboard layout, I get the error > Error loading new keyboard description The complete command I am using is > ssh -X -C -l $USER $HOST -n "Xnest :1 -ac -geometry 1440x850 -once > -query localhost & setxkbmap -layout de" I also tried with "setxkbmap de" in the end, but no difference. So this

> -----Original Message----- > From: Rowland Penny [mailto:rpenny at samba.org] > Sent: 01 December 2017 17:40 > To: samba at lists.samba.org > Cc: Roy Eastwood > Subject: Re: [Samba] Restricting AD group logging on to Servers > > On Fri, 1 Dec 2017 17:06:42 -0000 > Roy Eastwood via samba <samba at lists.samba.org> wrote: > > > Hi, > > I have a

Hi all, let me describe my environment and problem. System is RHEL 5.6 with latest stable OpenSSH. In sshd_config is defined "AllowGroups sshusers" but I need limitation to some of users in group to have access only from defined IP address. As I know this can be setup in sshd_config only for AllowUsers, but users in group are changed so I must use allowgroups instead of allowusers.