CentOS 5 :: Centralized Logins And Group Management?
Jul 23, 2009
I have to set up a box which can manage all the logins in our company and has the feature to manage every possible permission with as much comfort as possible. We are using Linux and AIX therefore my Boss is willing to switch from our Windows DC to a Linux DC. And here lies the problem, I don't really know what is needed to set the Box up to manage the Unix, Samba and LDAP accounts with one tool maybe?
I would like to know which Software exactly is needed and how to manage to get the thing to work together with a security aspect. I configured a Samba DC with LDAP, Kerberos and TLS but it looks like I overdid it because Kerberos is not able to manage the things we need in a manner that the other Admins in my Company would get things done in a short time.
Therefore I would like to get listed all the Software needed and maybe some How Tos how to get thing working, because I am losing my nerves on this matter.
In the last 3 weeks I have set up several test boxes but every time something doesn't work. My biggest Problem is to get Samba and LDAP to work together with TLS or another security scenario.
View 2 Replies
ADVERTISEMENT
Mar 18, 2011
I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.
View 1 Replies
View Related
May 26, 2011
I have setup openldap and samba for authenticating Windows and Linux clients on my server. They are working fine. Windows users are getting authenticated through server as Primary Domain Controller and Linux clients directly from Openldap directory. But I have little problem that is I want to mount home folders created on server to be available on clients so clients get a centralized storage with some quota on both Linux and Windows clients. Can you help me please how can I do that.
View 3 Replies
View Related
Jun 18, 2010
I am new to CentOS, and am having a problem with authentication.The system accepts the login if the first 8 characters of the password are correct, regardless of the length of the password.My root password is 15 characters, but entering the first 8 my login is approved, which is a bit of a security concern.I think this may be something I am missing in the PAM configuration.I've experienced the behavior on SSH as well as Webmin.
View 1 Replies
View Related
Mar 16, 2011
I have recently installed CentOS on my server and I am trying to install a Teamspeak server as well as a web server using ISPConfig. But, for installing a Teamspeak server I wanted to create the user account "teamspeak" to run it so my files under root are not accessible for security reasons. I was wondering if there was a way of creating the user teamspeak with a disabled login, I know in Ubuntu to do this you do: adduser --disabled-login teamspeak
View 6 Replies
View Related
Jan 18, 2011
After a disastrous foray into LDAP I restored NIS on a very simple network run by a very simple operator. Everything now works except for YaST on the NIS master. I can't manage NIS users in YaST any more. The option 'show NIS users' is now absent from the 'filter' button up in YaST "User and Group Management" So, after following the YaST route to LDAP there seems no way back...
These are OpenSUSE 11.3 boxes and the slave NIS server can't [obviously enough] delete expired NIS users on the master, although it sees them fine. Disabling or changing NIS server or client on the Master simply restores the 'wrong' settings - nothing is erased or cleaned. How do I clean up NIS controls so YaST sees it properly? or What do I need to do to restore NIS group & user control to YaST?
View 2 Replies
View Related
Dec 21, 2009
In /etc/xinetd you see a file by the name of gssftp
Is vsftpd replaced by gssftpd
I want to configure gssftp to allow anonymous logins can anybody tell me where is the conf file for gssftp
View 1 Replies
View Related
Jul 22, 2009
I have some problem installing ASM Software (LANDesk) a BMC module on server ACER ALTOS G330MK2 with centos 5.3 totally updated. Could someone help me to understand wich is the problem ?
INFO:Installation is being performed on the RedHat Linux distribution.
DEBUG:distro:RedHat
DEBUG:Import of rpm-python code successful
INFO:bash is installed with version 3.2
[Code]...
View 4 Replies
View Related
Mar 10, 2010
What's the centos-approved way to handle group environment configuration? Let's say there are users in, oh, 4 different groups. Let's use the usual suspects:
accounting
warehouse
admin
netadmin
and I want to set up environment variables and maybe some pathing that are specific to a given group. So that when 'joeblow', who is a member of group 'warehouse', logs in, the pathing and environment variables (and whatever else) that is needed for users in the 'warehouse' group is set up and configured.
What I was initially looking for was an /etc/groups.d, and in /etc/groups.d is
/etc/groups.d
accounting.sh
warehouse.sh
admin.sh
netadmin.sh
As part of the login process, the group memberships for the login username would be examined, and for each hit the respective /etc/groups.d/ script would be run. I'm not seeing anything like that, so I'm assuming centos uses some other mechanism, but I'm obviously not using the proper keyword mojo. Can someone point me to where this mechanism is described?
View 4 Replies
View Related
Jun 8, 2009
Session management with gnome-session-properties and GDM appears to be broken in CentOS 5.3 and 5.2. I can't comment on earlier versions.Activating "Automatically save changes to session" does work--for example, on the next login, the terminals that were open at the last logout are reopened.
But if "Automatically save changes to session" is not selected, according to help,"when you end your session the Logout Confirmation dialog displays a Save current setup option."This does not happen. No "Save current setup" is offered, regardless of whether or not "Ask on logout" is selected.
Also according to help, if one has added sessions with gnome-session-properties, then
when one logs in "on GDM, you choose a session. When you choose a session, you can
select which of the multiple sessions to use."This does not happen. No matter how many sessions one may have added with gnome-session-properties, none of them appears in the list of sessions that GDM presents.
So it appears that only a small fraction of session management functionality works in
CentOS 5.3 and 5.2.
View 1 Replies
View Related
Sep 26, 2010
A junior question: What is the use of /etc/passwd- & /etc/group-? Backups? I delete them, and they will come out again.
View 2 Replies
View Related
Jun 13, 2011
I'm used to setting up SGID on a directory
chmod -R g+s example and then
chmdo -R 750 example
And have the directory and all sub-directories preserve the set-group-ID. On CentOS SGID gets overridden by the second command.The OS is CentOS release 5.6 (Final)In theory, and like it says on this page, "if commands like chmod routinely cleared these bits on directories, the mechanisms would be less convenient..." and it's exactly whats happening. chmod -R 750 is effectivelly removing the SGID.How can I make g+s permanent?
View 1 Replies
View Related
Apr 19, 2010
Is there a way to allow other members of my group to access subfolders under my home directory, but not my home directory itself?I'm using CentOS 5.4
View 3 Replies
View Related
Oct 5, 2010
Before creating this topic I googled a lot and found lots of forum topics and blog posts with similar problem. But that did not help me to fix it. So, I decided to describe it here. I have a virtual machine with CentOS 5.5 and it was working like a charm. But then I turned it off to make a backup copy of this virtual machine and after that it has a boot problem. If I just turn it on, it shows the following error message:
Activating logical volumes Volume group "VolGroup00" not found Trying to resume from /dev/VolGroup00/LogVol01 Unable to access resume device (/dev/VolGroup00/LogVol01) ... Kernel panic ...! During the reboot I can see 3 kernels and if I select the 2nd one the virtual machine starts fine, it founds the volume group etc. (But there is also a problem - it can not connect the network adapters.) So, it is not possible to boot it with the newest kernel (2.6.18-194.17.1.el5), but it is possible with an older one (2.6.18-194.11...)
I looked into GRUB's menu.lst and it seems to be fine. I also tried #mkinitrd /boot/initrd-2.6.18-92.el5.img 2.6.18-92.el5 no luck! Yes, I can insert DVD .iso and boot from it in "linux rescue" mode.
View 18 Replies
View Related
Nov 16, 2010
I'm trying to do a disk upgrade on some servers. They are using LVM with DRBD on top and each LVM volume contains a Xen image. I have already created identical volumes on another volume group, copied the data and pointed DRBD to the new source (Which seems to have worked).
What I am unsure of is how to safely remove the disks. The disks are an Areca Raid 1 array and support hotswap. Can I just pull them out of the machine or is some sort of command needed to tell LVM or the kernel to disconnect from the physical array device? Is removing the raid array from the Areca management GUI first a good idea?
View 3 Replies
View Related
Nov 3, 2009
I have a PC connected by ethernet to a Galil motion controller card.I recently installed Centos 5.The Galil software for communicating with the card is reporting that it can't join a multicast socket group.The software used to work with another version of Linux.
View 6 Replies
View Related
Mar 24, 2010
I've installed Directory Server (LDAP). The setup has been done according to the tutorials online. Able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server ( user not created on the local server). But the same can't be done for a group - alteast the way I currently see it. How could i assign file system rights to a group created in the directory server.
View 5 Replies
View Related
Apr 26, 2010
I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.
If that cannot be done, is it possible to disable LDAP root user to access these machines?
View 4 Replies
View Related
Feb 1, 2011
I have to create a script that will run only for a specific group. It is a very simple script, so to map the folder, it happens that only that group will be mapped folder. Look what I've done:
[Code]...
Corded that way, but can not be this way, the folder must be mapped to only one group, i have to do scripts for other users, groups, and a script for everyone.
View 1 Replies
View Related
Jul 19, 2011
How can I create a user group that restricts Internet privileges to only members in the group, then I will assigns certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the gnome group policy manager that is standard with ubuntu but Its not working. It is possible that im misdirected and that I should use a firewall instead?
View 2 Replies
View Related
May 24, 2010
I have a text file that currently has around 150 000 usernames in it. I need to somehow group them into smaller groups of 1000 and then add that value into the DB. for example user xzy group 1 (hopefully the groups will be digits incrementing)
[Code]....
how to search for 1000 then assign them group 1 and then 1001-1999 to group 2 etc.
View 3 Replies
View Related
Oct 19, 2009
i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?
View 3 Replies
View Related
Nov 10, 2009
following situation and configuring authentication for Windows users on my CentOS clients please:IHAC WIN2003 R2 Domaincontroller with ALL my users and groups maintained there. For Usermapping (SID to UID/GID) I want to use IMU which is included with WIN2003 R2 srv and extends my Active Directory schema for UID, GID, NIS Domain etc. I want now authenticate my Windows users on my CentOS clients via their "domainnameusername" and passwords on the CentOS clients.
I also have a NAS server which has usermapping integrated and resolves the Windows SID's to the UID/GID's configured within the IMU schema extensions. Now I have no idea to setup my CentOS clients to use winbind, PAM and LDAP (IMU supports LDAP queries for UID/GID resolving) WITHOUT needing any Samaba Server or functionality.
* Do I need to configure the smb.conf file because my usermapping is done on the NAS Server and I want to resolve my Windows Users/Groups UID/GID's from IMU via LDAP?
* Do I (just) need to Join the AD (2003 native) or even using Kerberos with generating ktpass.exe keytab files (what is needed/recommended and what is the difference?) Can I authenticate the users without using Kerberos?
For e.g. my username is "domainuser_a" and within the IMU the UID is set to "12345", I don't want Samba/winbind to do usermapping again based on the configured values in the smb.conf file. Some hints would be really nice for me to understand how exactly it works and what is needed...
View 1 Replies
View Related
Jan 7, 2011
i just want to prevent from now on from all users maybe even root from adding other users to groups like wheel for example. I also want to know how can I prevent from all users to create new groups or add users to new one.real
View 2 Replies
View Related
May 25, 2011
I've been tasked with fixing a Red Hat system that dies with a kernel panic during the boot stage:
Code:
EXT3-fserror (dev sda1): ext3_check_descriptors: Inode bitmap for group 4 not in group (block 67239937)!
EXT3-fs: group descriptors corrupted!
mount: error mounting /dev/root on /sysroot as ext3: Invalid argument
I can boot into a Rescue CD, but I'm a bit out of my element because I don't use EXT3 myself, and I've never had to repair a corrupted file system before.
View 3 Replies
View Related
May 15, 2009
what the maximum number of logical volumes is for a volume group in LVM ? Is there any known performance hit for creating a large number of small logical volumes vs a small number of large volumes ?
View 1 Replies
View Related
Feb 8, 2011
I have a group (GROUP) with a number of users. I recently added a new user (NEW). NEW is able to read but not write group files, whereas all the other users in the group can read and write to the group files. The permissions for the group files indicate that all members of group should have write permission -rwxrwxr-x
/etc/group indicates that NEW is a member of GROUP
...
GROUP:x:501:GROUP,OLD,OLD2,OLD3,OLD4,....,NEW
[code]....
Don't know if it matters, but both OLD and NEW write to the GROUP files over an internet connection. why NEW can't write to GROUP files? Is there a maximum number of members in a group that I might have exceeded?
View 2 Replies
View Related
Sep 24, 2010
I want to set up a centralized log server, and I have several requisites:
1. The ability to view multiple log files via a web interface or browser.
2. The server's ability to send e-mails to the administrators when a critical condition occurs within the log files.
The logcheck application seems like a good start. However, it does not have a web gui so I was wondering if anyone can recommend a program that either works with logcheck or has the above two requisites on its own.
View 2 Replies
View Related
Aug 20, 2010
I am in the process of creating a kickstart configuration file for some RedHat 5.5 and Centos 5.5 servers (Production and test respectively).I have googled about a bit but I cannot find a good list of the bare minimum packages required for a command-line system.If anyone knows how I can trim this list down anymore it would be much appreciated. The aim of this kickstart.cfg is to get the system booted to a bare minimum required to install Chef (Server management software). Chef will then setup Apache, Ruby on rails environment etc.
All this server will need to do is, from a static IP, Host a Ruby on rails app, send emails, send data to a server on the web, accept ssh and occasionally and connect to a SMB/CIFS share This list was taken from the anaconda-ks.cfg file after a RedHat install of what I thought was a pretty minimal system onto a VM but I noticed that cups, the avahi daemonsand gam_server are installed and running which I do not believe are needed for a pure web server.I know that these types of questions are hard to answer without a complete knowledge of the operating environment and what "minimum" is in this case ("@core only? but I wanted yum damnit!")
@admin-tools
@base
@core
[code]....
View 1 Replies
View Related
Jan 18, 2010
I am working for a web hosting company. We work in red hat linux environment and the employees at present are having their data stored in individual systems. We wish to have a centralized environment, so that users can log in to a server with their user names irrespective of the systems they will set. Also, this could facilitate easy backup. we have about 70 systems, 90% linux machines. The number will grow in future. I am good in NIS, but not at all with LDAP. Is it okay if I suggest NIS?
View 2 Replies
View Related
