Red Hat / Fedora :: Requiring Local Accounts With Sssd?
Apr 21, 2011
Is there an easy way to require that a local account be present using sssd? I configured it for ldap/kerberos and it works, but unfortunately it works for everyone in ldap, meaning anyone with an id can log in, which I don't want. I could just disable sssd, but that seems like the coward's way out.
I am trying to figure out a way to pull the user information from local users on a Linux server. I have approximately 40 servers running SUSE and Ubuntu that are using Microsoft Active Directory in order to authenticate. Our internal auditing group has made us disable root ssh ability, I was doing this with clusterssh, but I can log in as me then su on the server to conduct root, admin, work. This is an ongoing request to get the local users and it is a painfully slow process since I have to log in to each server to get the /etc/passwd file. Is there another way to get the local user information? They are now asking about seeing the last logon date or if the account is disabled, any thoughts there as well? Most of our auditors think Windows and I am trying to make my life easier but not sure what options I have. I need to get local accounts and if they are active or disabled plus last logon date. I'm sure there will be more but if I can get the basics adding more shouldn't be too difficult but I guess I'll cross that bridge when I get there.
I'm using vsftpd as my FTP server. I have set it up so I can access my home directory via FTP, requiring my login.
But I want to make a folder in my documents (or anywhere really), which only my colleague can access. But I don't want to make a local Ubuntu user account. He just needs to be able to send files to this folder, connecting remotely, using his own login details.
I have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (i.e. max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically I'm referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and it's not optional to use another setup. The host restriction is also a major issue.
In the upcoming days I will be formatting my F14 box and switching to F15. Now I have offered a friend to use some of my storage (8TB) as a backup for her personal files/photos. I want to set it up so that she can be sure she is the only one having access to it (so not even I can read them as root). How can I set this up? Encryption? Account configuration?
Most likely she will upload via secure FTP. She trusts me, but I want to provide her with the peace of mind that it is not accessible by anyone but her.
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got Fedora 10, dual boot with Windows, 2 hard drives, 1st is NTFS Windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
Fedora 10 and I'm trying to set up some user accounts on a computer. My current problem is that we set up 2 root accounts and we need both to be able to authenticate. So far this works on the command line but whenever I'm on the GUI it seems that it only allows root to give its password for things. How do I enable the second account to do that as well? As a note, I am doing this for someone else so I have little to no control how this is set up, so please, I am not looking for reasons why this is not a good idea; I would just like to figure this out.
My program for checking mail is KMail (version 1.13.1); sometimes I get duplicate mail from all my accounts, which are on Gmail, Rambler and other mail servers. How can I configure KMail to remove these duplicates?
I have Evolution set up to send emails using Gmail's SMTP server. I've always been able to do it with no problems, but a couple of days ago I stopped being able to send emails to Gmail accounts. I can send emails to other addresses but not Gmail. The same happens with my wife's laptop with Ubuntu. The only thing I can think of is that we recently moved and thus changed ISP, but I don't see how that's preventing us from sending mails specifically to Gmail accounts...
I recently upgraded my Fedora server from 13 -> 15 and imported all the linux and samba accounts from the old setup. I have the machine operating as a domain server for my network using samba and tbm files for storing user info for samba. I now have all the machine accounts (machine$) show up at the login screen after startup as well as the user accounts. How can I hide these machine accounts like before?
I am trying to give another user the ability to mount any hard disk by using either the Places menu or the Palimpsest disk utility. Currently whenever you try to do either of these, it immediately asks for root password, even though the logged in user has sudo privileges to mount disks.
I have modified the sudoers file and given them access to STORAGE and other needed commands. The account CAN mount using the mount command in terminal, but I want to allow them GUI use. From my research it looks like Fedora is using DeviceKit but I'm not too familiar with how it works. What do I need to allow non-root users to mount disks in the GUI?
This computer freezes, requiring power-off, somewhere between 2 seconds and 2 hours after boot-up, most every time I use it. Sometimes I've had to power-down perhaps six times in 10 minutes. When it freezes I have a movable mouse-pointer that can select nothing. Right-click does not operate. I don't seem able to isolate a single cause. I ran a RAM check with no errors showing. Matters not which version of Ubuntu I choose when booting. I've replaced mouse and keyboard. Only running 256 meg of ram and do plan to
way to automate adding and removing users from 10 different Fedora 7 servers. We use them as print servers and our users have a user name and password to authenticate with when printing. We also use Samba to talk to a W2k3 server that tracks and charges the users for what they print. The set up was done by a vendor and after 6 months of being in production the scripts they created have flaws.
I need a way for a script to run as often as possible that will remove, change, or delete user accounts from the servers and from Samba. How to most effectively achieve this?
It would be ideal to have a file that gets written to when a change needs to be made then a script to make these changes?
I've installed Fedora 13 and would like to find a way to import my pidgin accounts, data, and logs into empathy. The Empathy FAQ doesn't mention this, there's nothing in the Empathy help about it, and I've gone through every menu looking for anything like an "import" option and come up empty. I tried asking on irc.gimp.org#empathy but got no response there. I'm guessing that means there's no built-in upgrade path. But maybe somebody has a script that will do it? Or worst case, maybe someone could point me to instructions on how to manually convert the data?
I have a problem concerning launching Firefox from NIS accounts. But it works perfectly if it is started on terminal by the local root account.
I have several hosts that are connected to a NIS server. When I tried to launch Firefox from one of these hosts, I got no response (Case 1 below). Here are the scenarios:
Case 1 - Fail to launch Firefox as NIS user: I log in as NIS user account on the host, then I tried to launch Firefox by typing "firefox" on the terminal. But then I got no response from the terminal (the web browser didn't appear on the screen).
Case 2 - Success to launch Firefox as root: I log in as root on the host, then I tried to launch Firefox by typing "firefox" on the terminal. The browser has appeared on the screen.
Case 3 - Success to launch Firefox as NIS user: I log in as NIS user account on the host, then from a terminal, I log in as root (using "su"), then I tried to launch Firefox by typing "firefox" on the terminal as root. The browser has appeared on the screen. Then immediately, without closing the browser window, I opened a new terminal as NIS user, then I tried to launch Firefox by typing "firefox" on the terminal as NIS user.
My Linux is Fedora release 13. I found there are a few users created not by me. I am not sure if the system got hacked somehow. Then the hackers created these users, i.e. (1) oracle, (2) exim, (3) test, (4) cox. I tried to delete all of these four users by using "usrdel" command but the system said "I cannot delete these users as the users are logging in". Has my system been hacked? Or were these users created by the system itself?
I have a CentOS 4.4 X86_64 server. Without any warning all user accounts including root got disabled. As the server was still logged in as root, I was able to enable all the user accounts. But for root I couldn't. Without thinking I rebooted the server and except root, other users can log in to the server. I should've tried to enable root account from the /etc/passwd. But now I realize it's too late for that. Now I want to change from root:x:0:0:root:/root:/bin/false to root:x:0:0:root:/root:/bin/bash. Can anyone guide me to accomplish this or is there any other way to fix this?
I've installed it properly until it works now, it does send emails and receive them, but here's the problem.
1) it does not send emails to a certain domain, unless I do dpkg-reconfigure on exim4 and put the domain on allowed relay... can't I just put something on settings which allows sending emails to ALL domains?
2) EVERYONE can connect to the server by telnet from any position, terminal or PC, and just use an existing user to send emails to anyone.... Example: I have testuser123 set up in debian/exim4 .. then they simply write "mail from:testuser123@host.dot" and the server accepts it.. without even requesting authentication for that. And this is a problem, because everyone can use my email addresses to send emails to whoever.. heaven for spammers/hackers..
Generally, my sound works in all applications and browsers...but every day or two, it suddenly quits and won't work again until I reboot. I am running Ubuntu 64, 8.10 and my mobo has a built-in sound card.
I was opening up an ODG doc and then my PC froze up. I powered it down, but now it's telling me upon trying to open up the document again that someone else is accessing it so it's locked.
I have just installed kubuntu 10.04 (64 bit) on a moderately new Lenovo R500 laptop (dual-booting with Windows XP).
Problem: several times per working day the screen goes blank. It remains backlit, and I can still hear music or games if they were running beforehand. The only way I have found out of the situation is a full restart.
The problem occurs somewhat randomly, but is usually associated with movement of the mouse. Switching to a new user often causes the problem. Sometimes the screen freezes for 1 second before going blank. I have tried messing with the screensaver settings and the permissions for libusb (which are flagged in the mouse system settings page) without luck.
I have a small office network here which consists of three machines running Fedora 10 and a dev server running CentOS 5.2. I have no Windows machines, and have no intention of having any. I would like to use the CentOS server as the Linux equivalent to a domain controller in Windows. Use case is simple - I will still have a local root account on each machine, obviously, but I want the three staff users to be network accounts. I want them (like a Windows domain) to be able to login on any computer using their network user credentials and *not* have local credentials on any computer.
I've been Googling like mad on this, but I can't find a definitive answer or a sensible HOWTO for this use case in Linux. Others have suggested I do it all in Samba, but I cannot find an example Samba configuration that behaves as I describe above. Another article I found suggested OpenLDAP. I'm lost. What's the best way to do this with a CentOS controller machine and Fedora 10 workstations? Can anyone point me to some good resources on the matter?
I've noticed that iceweasel (3.5.13) is slow in some java requiring websites: showcase: [URL] then add in the field location more than two locations (3=max I think). Notice the sluggishness if not the IW rash. Trying the same with epiphany (2.30.6) is (much) better even though the CPU usage is also getting high. System: Linux debian 2.6.32-5-686 #1 SMP Tue Oct 19 14:40:34 UTC 2010 i686 GNU/Linux at Gnome Desktop
I configured ssh on one of my servers to require public/private key authentication and deny access to login requests not using a public/private key. Now I need to unconfigure that, but I can't remember how I did it. I've looked through ssh_config and sshd_config, and nothing rings a bell. Googling only tells me how to enable public/private key authentication, not how to require it or stop requiring it.
DM9, 2GB RAM, 32GB SSD, Ubuntu 10.04 UNR. At Panera and at my local library there is a page that comes up when I try to connect to the Internet that is an agreement page. It comes up with my iPod Touch and with my MacBook. Using my DM9 that page does not come up for me to sign in so I can't get on the Internet. I have had Firefox and Chromium running at different times with the same results. When there is a WEP password or no password it connects. What do I need to do to get connected to the Internet at Panera and the like?
My network crashes randomly under regular traffic and more rapidly under high traffic (i.e. running Transmission) and I have to reboot to get it to start working again.
About system: Toshiba Satellite A105-S2021 512MB RAM BIOS V2.30 (Latest) Ubuntu 10.04LTS (Fresh install, not an upgrade) (Only OS on this machine) 2.6.32-27-generic #49-Ubuntu SMP [Code]....
I have the eight Debian DVDs listed in my sources.list, along with security, nonfree, and multimedia repositories. It does this for all eight DVDs, re-scanning them for the update. These DVDs have already been scanned (from the apt-cdrom add command). New updates are NOT going to suddenly appear on these already scanned DVDs, so this is a completely unnecessary endeavour. Is there a way to stop this? It didn't happen with Lenny, and I'd like to stop it with Squeeze.
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but I can still log in using the plain username and password login.