CentOS 5 :: Get System-config-samba To 'see' Winbind Users And Groups
Jul 14, 2009
I have a Samba File Server that can authenticate users in my Windows AD to log into the server. Anyways, I have a good amount of Windows Admins on staff but our org wants to cut budget so our first "slash" as it were is cutting down the actual Windows based File Servers.So my question is, now that I have this test server up and authenticating for logins using Windbind....is there a way I can get system-config-samba to "see" winbind users and groups so that file servers can still be "point and click" for my Windows Admins?
View 3 Replies
ADVERTISEMENT
Sep 11, 2010
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to controll access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
workgroup = COGITANS
password server = domainserver.hq.cogitans.it
realm = HQ.COGITANS.IT
security = ads
[code]....
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that use can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211)
User COGITANSalberto not in 'valid users'
[2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617)
user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Grants and ownership on the '/repositories/shared/finance' folder are
root:domain users with permissions 775
View 2 Replies
View Related
Nov 12, 2010
Have recently setup Samba on a fresh install of Fedora 14 so that I can use it as a workstation in a Windows 2003 (win2k3) domain.
The install of Samba seems to have worked as I can connect to the Domain using ADS and kerberos. selinux and firewall have been disabled until I have it working 100%
The problem lies when i try to login to Gnome or TTY. It begins to create the home directory for the domain user logging in but after a certain process Fedora logs the user out of the system.
Have looked through several log files (/var/log/messages, log.winbindd, log.winbindd-dc-connect) but am unable to debug it any further.
Have posted the config files below which shows the Fedora machine is successfully connected to the domain as it lists its groups, users and validates logon credentials - it just won't logon!
Where i can go about debugging. Also if you need additional configs.
View 1 Replies
View Related
Feb 24, 2010
system-config-samba doean't work from terminal neither it is shown in graphical mode, i cannot see system > administration > servers. Server is missing.
View 1 Replies
View Related
Mar 31, 2010
I have centos 5.4 installed (2.6.18-128.2.1.el5 #1 SMP Tue Jul 14 06:36:37 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux), and I am using WHM/Cpanel to manage my server. I am looking for a GUI utility, so I can graphically manage users/groups.
View 1 Replies
View Related
Jan 19, 2011
have recently encountered an issue in fedora 14 whereby upon entering the root password the users and groups and authentication utilities do not run. (system/administration/users and groups) They used to run fine.
View 6 Replies
View Related
Jun 27, 2011
I have an ubuntu 11,04 samba domain server, I want to also configure this machine to work as a dhcp server, however this have give me some issues with te windows 7 workstations, my guest is that it have something to do with the iptables because those station do join the samba domain went both server and workstation are conected to a router.
This is the script I use at boot
Code:
#FOR SHARED INTERNET
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth2 -j MASQUERADE
[code]....
I haven't test it with windows xp station but I have use the same code in the past with no problems, and since this is my first time joining windows 7 station i belive there must be some other port that need fowarding.
View 3 Replies
View Related
Mar 16, 2011
I'm comparing a RHEL4 samba server's config to a new RHEL install with a default samba config. On the old one I see that there is a line saying
invalid users = root bin daemon adm sync shutdown halt mail news operator
On the new default install I don't even see where it mentions the invalid users option in the notes. Does it do that by default now or something?
View 3 Replies
View Related
Oct 24, 2010
After installing VirtualBox, add yourself to the Vboxusers group in System -> Administration -> Users and Groups.Then re-boot your computer!Otherwise you will spend hours (like me) wondering why your USB devices are not available in your guest VM.I just did a complete install on a new, larger hard drive and had forgotten this simple fact. Doh!
View 2 Replies
View Related
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies
View Related
Jul 24, 2010
where are the "System Log Viewer" config files stored? I know most have been moved into /var/rsyslog.d/ folder but where are the users config file stored? I restored my local /home to a fresh install and the Log viewer is looking for log files from the OLD install.
So there must be a config file somewhere in /home/$user that the system log viewer is reading from as well as the rsyslog.d folder...
View 1 Replies
View Related
Dec 15, 2010
I have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.) My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:1. Is there another location I should be looking to find the user creation activities when using the GUI?2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?Someone suggested a PAM configuration change, but was not able to tell me what change to make.
View 3 Replies
View Related
Nov 5, 2009
when I open this it opens up greyed out for a split second then closes.I started it in a console ,it did the same but the following was left in the terminal
Code:
[tytower@localhost ~]$ system-config-users
Traceback (most recent call last):
[code]...
View 2 Replies
View Related
May 7, 2013
I use this GUI app a lot when I was using Ubuntu. Very simple to use. I want to use it in my new Debian 7 xfce install. My understanding is that I would have to build a deb from source to allow me to use this app? If this is the case, what is the best (easiest) way to do this. I saw some videos in YouTube but I'm not sure if things have changed with the new Debian 7. I have never used Debian before so if possible, go easy on me...
View 3 Replies
View Related
Mar 29, 2011
I installed the Gnome desktop CD1 AMD 64 version of Debian Squeeze. I installed samba and python-smbc. I am missing samba printers in my system-config-printer. Anyone know why? [url]
View 2 Replies
View Related
Jun 23, 2010
we are using LucidLynx Linux, 64-bit,with ActiveDirectory accounts via samba/winbind 64-bit.I have 2 separate 32-bit applications:IBM MQ Toolkit (32-bit java-based) and Acrobat Reader
View 2 Replies
View Related
May 29, 2011
I've got a situation where I would normally use NFS, but cannot. So in it's place I need to use a samba share (even though it's linux -> linux). I need it completely open and world writeable as if I had done an rw in an NFS export. I thought I had it as when logged in as a user I can edit delete etc. however the apache user seems to be struggling with creating files. Here's my smb.conf as it stands.
[global]
workgroup = WGRP
server string = Samba Server Version %v
security = user
passdb backend = tdbsam
unix extensions = no
[tmp]
comment = Temp Directory
path = /var/tmp
public = yes
guest ok = yes
writeable = yes
browseable = yes
[sites]
comment = Sites Directory
path = /var/www/sites
public = yes
guest ok = no
write list = siteusr
writeable = yes
create mask = 0777
browseable = no
security mask = 0777
directory security mask = 0777
Note that the drive is mapped as user siteusr. What I can do to open it up more?
View 5 Replies
View Related
Mar 15, 2015
I really don't like GADMIN-SAMBA, and want to load the graphical tools I used previously on my homebrew Samba box I have at home (used to have Squeeze on it).
Have amd64 Debian 7.8 installed on a slimline HP Compaq PC ...
View 1 Replies
View Related
Apr 13, 2010
I am using Fedora 12. I have the following problem, when i working with system-config-samba dialog:I add the new user on the server:as following:
Unix username: vova
Windows username:test
As described in Customisation Guide for Red Hat 9: "If the user has a different username on a Windows machine and will be logging into the Samba serverfrom the Windows machine, specify that Windows username in the Windows Username field."So i logged from the Windows machine not under test(Windows username) but under vova.And i logged in without the problem. However it seems that samba should check windows username=test (as have written in samba-config) and ask an password for different users. And additionally, if samba check the currect user in Windows itself and verify it with Unix user, what for we need write the Windows username in samba config? I don't understand
View 6 Replies
View Related
Apr 26, 2010
I added my linux server to a windows AD using winbind / samba. Everything worked just fine. After changing the OS to Debian lenny x64 I get a "segmentation fault" when trying to change user passwords. I am using the exact same configuration, on my 32 bit Server everything works.
debian:~# passwd <user>
sgmentation fault
tail /var/log/syslog:
kernel: [689689.005934] passwd[11209]: segfault at 0 ip b7b84418 sp bfc37fc0 error 4 in pam_winbind.so[b7b7e000+b000]
Debian Lenny 5.0
[Code].....
View 2 Replies
View Related
Jul 3, 2010
I've been searching around the web for help and have been really pulling my hair on this one. I have a Windows 2003 Server w/ AD on it. I have two linux machine, both running the same version of RHEL 5 (compute-1, compute-4)
When I log into compute-1, and do an "id dhuynh", I get this:
uid=1501(dhuynh) gid=1500(domain users) groups=1500(domain users),2013(dusers),1501(certsvc_dcom_access),1507 (BUILTIN+users)
When I log into compute-4, do do the same command, I get this:
uid=1500(dhuynh) gid=1504(domain users) groups=1504(domain users),1505(certsvc_dcom_access),1501(BUILTIN+user s)
Notice that the uid and gid are different. How do I get them to be the same? This is affective the file permissions in certain shared directories. I've check /etc/samba/smb.conf and they are identical. I also check /etc/nsswitch.conf and they are identical too.
View 2 Replies
View Related
Jan 7, 2010
I need to add linux and samba users using a shell script, it falls over because you are prompted to set a password.
I had a similar problem when installing the samba package using a script because it asks for confirmation after the command, I got round it using --force-yes -y as below.
apt-get install samba smbfs swat --force-yes -y
I suspect and hope you can do something along those lines when creating a linux user and a samba user, something like
smbpasswd �a username ?
View 3 Replies
View Related
May 27, 2010
When I run from the command line, I get this output:
Traceback (most recent call last):
File "/usr/sbin/system-config-samba", line 45, in <module>
mainWindow.MainWindow(debug_flag)
File "/usr/share/system-config-samba/mainWindow.py", line 82, in __init__
[code]....
I have removed and re-installed and get the same crash.
View 2 Replies
View Related
Aug 3, 2011
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID)
wbinfo -s SID (returns proper text group name)
wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a
Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux
lsb_release -a
No LSB modules are available.
[code]....
View 3 Replies
View Related
Sep 3, 2009
I'm using on my smb.conf
# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
[code]....
View 2 Replies
View Related
Mar 4, 2010
I installed Samba on CentOS, create a principal share called "public" . I want to populate this share with subfolders, and to grant access rights to specific folders for specific users. The content of "public" will be visible for all Samba users, but they will have read/write access only to the specified subfolders based on my security policy. I need the best way for doing this kind of stuff...
View 1 Replies
View Related
Apr 10, 2009
I tried to run system-config-kickstart when after full installed CentOS 5.3,it report error as following,does anyone face the same problem?
[root@localhost ~]# system-config-kickstart
Loaded plugins: fastestmirror, kernel-module, priorities, protectbase,
: versionlock
[code]....
View 2 Replies
View Related
Apr 13, 2010
Recently i configured Postfix with Cyrus-Imap and it all worked fine unless i wanted to allow also AD users to use Squirrelmail.Currently AD users are able to logon to ssh server without any problems.
- wbinfo -u & -g is fine
- testsaslauth - passed
- telnet to localhost 143 + a LOGIN user password - passed
- cyradm shows active mailbox for particular user
imap i pam.d:
#%PAM-1.0
auth include system-auth
account include system-auth
View 1 Replies
View Related
Dec 20, 2010
I am logged in with the account i created with ubuntu back in 10.4 but i cant do anything with the users and groups management tool any idea's what might be wrong? It also doesnt ask to escalate provilages when i run it which i suspect is part of the issue.
View 2 Replies
View Related
Nov 9, 2009
I'm installing CentOS for the first time to run mythtv on (I previously used Fedora, but the new version cycle was too quick). As part of the instructions I'm using, I am told to run system-config-boot (to ensure that centosplus kernel is loaded on boot). The problem is, I cant find this option in my installation of CentOS. Another option I have is to manually edit the grub.conf file, but I'm not sure exactly how I should edit it.
View 2 Replies
View Related
