Server :: Allow/Disallow Users To Log In To A Domain Machine With SAMBA?
Jul 21, 2010
I don't know if this is possible... I want only some of the users of a Windows domain (Samba) to be able to log in to a machine. For example: the user Peter of the domain WORKSPACE can connect to PC1, but the user Charly of the domain WORKSPACE cannot connect to PC1. How can I implement this?
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
Sep 21, 2010
I want to set a logoff script for Samba domain users. Actually I am facing a huge problem related to temp files. So I want to set a batch file which will run when a domain user logs off. When the user logs out, the batch file runs and deletes all temp files. I have already set the batch file in local group policy and it works for me, but I want to set it from the server side.
Jan 26, 2011
I have installed CentOS 5.5 along with the Samba package. I have it configured (I believe), but when I try to access a share, it is not accepting my UN/PW. I have copied the smb.conf file from a working computer over to this one, but it is still not accepting my login. Does anyone know of any other files I should check?
I have moved a working smb.conf file to this new box, and both computers have the same UN/PWs.
Jul 5, 2010
I'm setting up a PDC Samba server on CentOS 5.4. All tasks went well, but when adding a new machine to my domain I get this error message: Error occurred when attempt to join your machine in domain "invalid user name".
samba.log
Code:
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2010/07/05 12:34:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2919)
Returning domain sid for domain RAPHAELLO -> S-1-5-21-3852106609-489253481-401883016
smb.conf .....
I think that the machine account is missing or mismatched.
Apr 28, 2009
At the school I work in I have a Server2k3 server that provides a domain to all the Windows clients, as well as a Fedora server that acts as an imaging machine and web server.
I'm rather conscious of the fact that if for any reason the Server2k3 server were to die, there is no backup of Active Directory, or anything that can take its place whilst a replacement is found.
So is it possible to use a Fedora machine with Samba as a secondary domain controller, so it can be used as a login server and has a copy of AD?
Feb 3, 2011
I'm currently using an English book to set up my Samba server, and I'm having problems understanding it.
I don't want to use root to join clients to the domain; I prefer creating a plain user.
OK, so the steps I follow are:
net groupmap add unixgroup=srvadmins ntgroup="Server Admins"
net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d
net rpc rights grant 'ORA\Server Admins' seMachineAccountPrivilege
This way, I have a group called srvadmins with permissions to join clients, a group called dmnadmins with permissions to manage users and other permissions, and root.
Now, the users "root", "dmnadmin" (from the dmnadmins group) and "srvadmin" (from the srvadmins group) can add machines to the domain: root because it is root, srvadmin because I granted permissions, and dmnadmin because it is an admin.
So I wonder, why does the srvadmins group need to be granted privileges?
I tried to lower the dmnadmins privileges by revoking the seMachineAccountPrivilege privilege, but it didn't work:
net rpc rights revoke 'ORA\Domain Admins' seMachineAccountPrivilege
It looks like its privileges come from another group, and its user managed to add a machine to the domain correctly.
OK, so is this really useful? Why do I need 3 kinds of users to be able to join to the domain?
Nov 12, 2010
Have recently set up Samba on a fresh install of Fedora 14 so that I can use it as a workstation in a Windows 2003 (win2k3) domain.
The install of Samba seems to have worked as I can connect to the domain using ADS and Kerberos. SELinux and the firewall have been disabled until I have it working 100%.
The problem lies when I try to log in to GNOME or a TTY. It begins to create the home directory for the domain user logging in, but after a certain process Fedora logs the user out of the system.
Have looked through several log files (/var/log/messages, log.winbindd, log.winbindd-dc-connect) but am unable to debug it any further.
Have posted the config files below, which show the Fedora machine is successfully connected to the domain as it lists its groups and users and validates logon credentials - it just won't log on!
Where can I go about debugging? Also let me know if you need additional configs.
Jun 27, 2011
I need to allow Windows domain controller users to use a file share on Linux. Windows DC users can see the shared files and directories of the Linux file server but are not able to access them.
Below is a brief description:
I have a Linux machine which is on my network but not on my domain. I have configured SAMBA FILESERVER for file sharing purposes. I have a Windows XP PC which is on the domain (Windows server) that I am trying to connect to a share on the Linux box. I supply my credentials, but regardless of which login I use I always get Logon Failure. I have created an account on the Linux machine with the same user name and password as my domain account, but so far no luck. Can I connect from a domain PC to a non-domain Linux box? Is there something else I should be checking?
May 20, 2010
I have Ubuntu Server 10.04 joined to a domain using Likewise Open. I can log in using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some Samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field, it won't let me in. What's the proper way of inputting a domain user or group in the valid users field?
This is the entry I'm using for the share:
Code:
[testshare]
path = /srv/testshare
valid users = @"Domain Name+Domain Group" (Have tried many things here)
public = no
writable = yes
printable = no
create mask = 0765
Oct 8, 2009
I have to rename a group of machines in my little samba domain (tbd backend) but there is an ugly bug that makes this impossible. I have set the 'rename user script' variable correctly, and also checked all configurations. When I change the computer name on my Windows box, it shows an error saying something like "Error calling remote procedure". Looking at the server side, the username for the machine gets correctly changed in /usr/passwd, and also in the samba database. But the samba log says:
===============================================================
[2009/10/08 11:10:32, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 11052 (3.0.33-3.7.el5_3.1)
[code]....
Jun 23, 2011
I am stuck in a weird situation and could definitely use some help from gurus in security area.
I have categorized my users into 3:
1. root user
2. other local users
3. LDAP users
I want to set up the following 2 use cases:
a)
1. Allow key-based ssh and scp to root users
2. Allow ssh but disallow scp service to other local users
3. Disallow ssh and scp to LDAP users
b)
1. Allow key-based ssh and scp to root users
2. Disallow both ssh and scp to other local users
3. Disallow ssh but allow scp to LDAP users
For the 1. in both cases, I think PermitRootLogin in sshd_config could . For the 3. I am thinking of deploying rssh to control scp service access, since ssh will be restricted anyways.
Problem area is 2. primarily.
i) How to allow ssh but disallow scp to 'other local users'
ii) How to disallow both ssh and scp to 'other local users'
May 18, 2010
I have an issue with users logging into a server. There are multiple (5 or so) database admins that have to log into a Windows 2003 server and from there log into a Red Hat server. Once they are in the RHEL box they execute an app (let's say xclock) that gives them an X Window session on their desktop. Currently only one person can do this at a time, but they have asked me to configure it to allow multiple users to log into the Red Hat box from the Windows server and run an X window.
May 2, 2010
I wanted to know whether there is any way to monitor (I mean log) all of the activity of the users that log in to a server (as root), for example:
1. when they log in
2. what commands they use at what time (I know that the history command does somewhat the same, but it does not save all of the users' activity exactly with the time of that activity)
3. which one of them installed which package on the server
4. what they copied or moved at what time; in summary, all the activity that each of them does on the server individually.
Nov 13, 2010
I have a system, I want only my sudoer account to show and automount NTFS partitions under 'Places' in Ubuntu. Simply, they shall not have access to mount it. Only my main sudoer user account shall take advantage on this show-and-possibly-automount feature of GNOME, but not anyone else.
Jan 4, 2010
I am having problems logging into my SME Linux server from a new Windows 7 machine. It sees the server on the network, but does not seem to be passing the windows login through to the Linux server (which is how all of the XP machines log in). When I try to log in using a valid username and password it goes nowhere and just says it is an invalid username and/or password. I had a Vista machine that could log into this Linux server so I do not think the Samba version is the problem.
Mar 15, 2010
I'm looking into preventing the samba messages from appearing in the system log (/var/log/messages). I added syslog = 0 to smb.conf and reloaded the config but messages are still appearing... suppress logging or reconfigure Samba such that the "nmbd" and "winbindd" messages do not appear in /var/log/messages
May 30, 2010
How can I join Linux and Mac machines to a Windows domain?
Mar 15, 2010
I've been fighting with the Samba server for a while and I'm a bit frustrated at this point. When I try to add machines to my domain I get the "The username could not be found" error. Here is my smb.conf...
Code:
[global]
workgroup = INMANONE
netbios name = PDC
server string = Inman Domain Controller
os level = 64
security = user
passdb backend = tdbsam
domain logons = yes
domain master = yes
local master = yes .....
Jul 25, 2011
Currently, I have configured an email server as the primary email server. The backup email server is at my ISP and stores all email in a mailbox.
configure my primary email server to connect to my ISP server and fetch all email from there and distribute to local user's mail box.
Jan 17, 2010
I want to join a standalone Windows XP machine to a Linux domain (Red Hat 9).
Jan 19, 2011
A newly installed Linux machine, which is a client machine, is not listening to the NIS domain server even after setting the IP address, default gateway, and subnet mask. What changes need to be made in the configuration file, and how can this be solved?
Jul 9, 2010
I'm trying to figure out why I cannot add a machine to the domain from Windows. In the smb.conf file, I have the proper
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
Oct 14, 2010
I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?
Feb 1, 2011
I'm configuring a classroom based on Linux (just Linux, without Windows) with user mobility. What I want is that any student can use their own 'username/password' on any computer, getting their own data, without having to define every user on every computer. Since Samba is very useful, even though I don't need Windows support I decided to base the solution on Samba. Right now I still have some problems and the solution doesn't work in my test environment. I defined a PDC (Samba 3.5 Domain Controller) on Fedora 13 with 'homes', starting nmb and smb, and it seems to work. On an Ubuntu 10.10 workstation I built a Samba 'Domain Member Server', starting nmb, smb and winbind.
First question: should I define 'homes' on this server or not? I assumed 'not' as the 'homes' you have to use are the ones defined on the PDC, not on the DMS.
Second question: does winbind run just on DMS? Not on the PDC too?
I defined the DMS 'machine' and some domain users on the PDC and I could 'join' the DMS to the PDC without any problem (join rpc ...). From the workstation I can use smbclient, seeing a domain with two servers, one of which is the controller. I can connect to the home shares using the domain users, which are authorized by the PDC. On the DMS I paid attention to nsswitch.conf and the pam files, running 'pam-auth-update'. So 'wbinfo -u' provides a list of users on the domain, local users and domain users. The problem arrives when I try to connect from the session login screen on the workstation as 'mydomain\myuser'. The PDC validates the user, if the password is right, and I get connected, but not to my PDC homes.
Instead I get some errors starting with:
'could not update ICEAuthoriy file /home/mydomain/myuser/.ICEAuthority'
It seems I'm in an empty space in an open but useless session which I can close later on.
Hereafter you will see the short smb.conf reported by testparm:
PDC
[global]
workgroup = TESO-DOM
server string = Samba Server Version %v
interfaces = lo, wlan0
bind interfaces only = Yes .....
Feb 13, 2010
I have configured Samba as a file server in Fedora 11; it works fine for both Windows and Linux machines. But I want to configure LDAP and Samba as a domain controller. I googled a lot on the internet, and everything is confusing me.
May 3, 2010
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
Example#1: (authentication successful)
[sharedfolder]
valid users = domain+username
Example#2: (authentication fails)
[sharedfolder]
valid users = @domaingroup
Samba version is samba-3.0.33
Feb 27, 2011
My Windows 2003 domain has three domain controllers. All of them are configured as global catalog servers, but my krb.conf and krb5.conf only contain a reference to one of them. What if the DC referenced is down? Should my files reference the other DCs? The contents of my files follow...
krb.conf
--------
MYDOMAIN.COM dc01.MYDOMAIN.COM:88
MYDOMAIN.COM dc01.MYDOMAIN.COM:749 admin server
[code]...........
Mar 2, 2011
How do I configure samba such that AD authentication still works when a DC is down? Do I need multiple kdc, admin_server, and kpasswd_server entries in krb5.conf?
Aug 26, 2010
One of our servers crashed due to hard drive problems. We were able to restore data from backups; however, the only info we have on the Samba PDC portion of the server is the local and domain SIDs. Armed with only this info, is there a way to recreate the previous domain so the users and machine accounts could recognize it?