I am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn't. It created the local user X but I could not change the password.
View 1 Replies
I am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn'tIt created the local user X but I could not change the password. Here are the outputs:
Pam configs:
Common-account:
account sufficient pam_winbind.so
[code]...
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwd
so we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwd now normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
I am using Mandriva 2010.2 KDE. When I try to change my password, using the Welcome>About Me>Change Password, I am asked to type in my current password, after I press OK, the dialogue box just seems to hang, nothing happens, the computer does not freeze, just the password dialogue box kind of stops responding.
View 3 Replies View RelatedI use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies View RelatedHow can I prevent users from changing their own password? I was surprisingly unsuccessfull in finding a solution for this on google. Lots of stuff about hardening ssh access or dealing with password aging using "chage" but nowhere could I find an answer for my question.
View 5 Replies View RelatedI want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies View RelatedI remember back when I used Windows, there was a shell command call "net view", which would allow me to see all the other users on my wireless net.
Is there any command or application that can do this? I dont mind if it is a terminal command either, but I would really like to know a way that I could see other users on my network.
I have installed ubuntu 11.04 recently.. how can i connect ubuntu with other windows users in a local network...
View 1 Replies View RelatedI have a postfix mail server on ubuntu 10.04 lts behind a router. so all local users are fetching/sending mails through ms outlook using local IP. Sometimes when internet goes down and any mail send then it bounced back immediately saying domain not found. Can u please tell me how i configure to hold all mails in postfix server rather than bounce when internet fails and will pass through when restored the internet around 15-30 minutes?
View 2 Replies View RelatedI have the following problem and tried (almost) anything to fix it but without a full success.
We're running a server with CentOS 5.4. Every night a logwatch report is send. These mails are rejected by our mailserver because some invalid details. These mails are send to local user root which is redirected to another external mail address with /etc/aliases.
At first the mail was send from root@localhost.localdomain to root@localhost.localdomain. As you can imagine, our mailserver rejected this because the localhost.localdomain parts. So I changed the sendmail config with these options:
Code:
dnl EXPOSED_USER(`root')dnl
FEATURE(masquerade_envelope)
MASQUERADE_AS(`domainA.com')
MASQUERADE_DOMAIN(`localhost.localdomain')
MASQUERADE_DOMAIN(`slave02.domainA.com')
This solved my problem partially: Mail is now coming from root@domainA.com (which is OK), but is send to root@slave02.domainA.com (slave02 is the local hostname), which is not OK. I tried everything I could find to change that last part to, but nothing seems to work.
how to map all domain users form group Domain Users to local group users (and maybe some more)? Im using Ubuntu 10.04 x32. Its connected to my domain using Samba and Winbind, I can login using my domain credentials, automatically map user folder form DFS server, but I think that domain users have too much priviledges in the system and want to restrict them as much as possible
View 2 Replies View RelatedIs it possible to map a remote user to a local user in SSH? The object is to avoid using $ssh user@server and instead just do $ssh server instead.
View 4 Replies View RelatedMy question is probably very common, but I didn't find an answer.I have several computers, each with different user. Each user has a shared folder in samba. I want all users to access all these shares with a single login/password (not with the login/passw of each particular user)
View 1 Replies View RelatedWhen i try to login with AD credentials on Ubuntu 10.10 and the user has is password almost expire, the gdm hang and display the message "your password will expire in ... days"
If i login with any other user without that restriction, it works flawless. does anyone know what configuration file i need to change to bypass that problem.
I made a script to backup file from each host with general password in local network. This script using SSH Pass and Rsync with this
syntax:
rsync --rsh="sshpass -p password ssh -l root" hostath destinationpath
Everything is okay under 9.10 version until I migrate to Ubuntu 11.04, there is always give an error:
rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(541) [Receiver=3.0.7]
I am using bash version: GNU bash, version 4.2.8(1)-release (i686-pc-linux-gnu) and 2.6.38-8-generic kernel
I have setup a nis server and client. At first I didn't have a local user defined on the client. The client then used the user and passwords from NIS, so that was ok.
The problem then is, that when the server is down, I couldn't login to my client anymore. So I created a local user with the same name on the client but with a different password (after I shut the nis server down, if nis server was on, I couldn't create a local user with the same name). I then edited etc/nssswitch.conf as follows:
Code:
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# compat Use compatibility setup
[Code].....
If NIS server is on: client has to login with the nis password If NIS server is down: client has to login with the local password (as fallback)
However the actual behaviour is that I can only login with the local password now. The NIS pasword doesn't seem to be used anymore.
How do I stop users from changing their background? I'm installing ubuntu on some (non-networked) computers at my school, and I don't want the students to change the background on the desktop. I don't care if they change it during their session, but it must revert to the default when the session is logged-out or shutdown.
View 1 Replies View RelatedI want to have a shared area for movies, music, etc. where files are available for all users. What is the best way to do this? I've tried a few different things, (ie. creating a folder and sharing it among a group, but for some reason it doesn't seem to work the way I want it to. I'm now thinking maybe have a partition like /share and set the permissions to all in fstab, but I'm not sure.
View 9 Replies View RelatedI am stuck in a weird situation and could definitely use some help from gurus in security area.
I have categorized my users into 3:
1. root user
2. other local users
3. LDAP users
I want to setup following 2 usecases:
a)
1. Allow keybased ssh and scp to root users
2. Allow ssh but disallow scp service to other local users
3. Disallow ssh and scp to LDAP users
b)
1. Allow keybased ssh and scp to root users
2. Disallow both ssh and scp to other local users
3. Disallow ssh but allow scp to LDAP users
For the 1. in both cases, I think PermitRootLogin in sshd_config could . For the 3. I am thinking of deploying rssh to control scp service access, since ssh will be restricted anyways.
Problem area is 2. primarily.
i) How to allow ssh but disallow scp to 'other local users'
ii) How to disallow both ssh and scp to 'other local users'
I changed the default port under etc/apache2/ports.conf and now I cannot connect to my server under my local network.
View 9 Replies View RelatedI am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
This seems like somewhat of a n00b question, but I'm kind of stumped and working on a half a dozen other things at the moment, so I thought I'd go ahead and ask it.
Is there a "correct" way to set up a shared folder between two local users using only EXT4 that will allow both users read & write access to everything in the folder?
Here's my scenario: My wife and I use the same computer. I want two separate user accounts (mine and hers), but I want ~/Music to point to the same location for both users so that I don't have to duplicate all of the files.
Too protect the innocent, I'll use Jack and Jill.
So say Jack downloads or rips an album:
"/home/jack/Music/Radiohead/Ok Computer"
I want Jill to be able to able to create a folder:
"/home/jill/Music/Radiohead/Hail To The Theif"
I know the basics of symlinks so I can get /home/jack/Music and /home/jill/Music to point to the same place. I also have Jack & Jill in the same group.
The problem I'm having with my test setup is when Jack creates "/home/jack/Radiohead", it is set up to where Jill can read, but not write. So she can play songs from Ok Computer, but if she wants to download Kid A, she has to go in and manually change the permissions on Radiohead first.
Also, while I might set up multiple directories this way, what I DON'T want is for Jack to be able to modify /home/jill/otherdir where otherdir is just a regular directory set up with default permissions.
Oh, and as an added bonus, it would be nice to set up another account (i.e. a "guest") with limited permissions that can read, but not write/modify.
I have an RHEL 5.3 system where NIS logins are working perfectly, but authentication doesn't seem to be working for non-root local users. I can't login either remotely or at the console with a local user, and I can't even su to them unless I'm doing so from root (i.e. when no password is required).
I've reset the password, I've deleted and recreated the user, and nothing. nsswitch.conf does have "files" listed as part of the config, which was really the main place I'd have assumed the issue could be. su gives "incorrect password", and ssh gives "userauth failure". /var/log/secure shows "su: pam_listfile(su:auth): Refused user <username> for service su", and same for the ssh attempts (with ssh in for su, of course). I've reviewed my pam.d files, and they seem to be the same as on a working machine, but I'm not 100% conversant with pam so I might be missing something.
I'm using vsftpd as my FTP server. I have set it up so I can access my home directory via FTP, requiring my login.
But I want to make a folder in my documents (or anywhere really), which only my colleague can access. But I don't want to make a local Ubuntu user account. He just needs to be able to send files to this folder, connecting remotely, using his own login details.
I have a mail server running Postfix and the problem I'm running into is that when trying to send mail, I get a "relay access denied" error.Inside my main.cf, I did not specify 'smtpd_recipient_restrictions' so by default, the variable is:
Code:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
The 'mynetworks' variable looks like this:
[code]....
This one made me scratch my head for a very long time
I want to give access to the sound device to all local users.
Currently only the user currently using the X11 system and root are able to use the sound hardware.
So it appears it's a problem of permissions but I couldn't figure where ...
"Merging" may not be quite the right word but that is the desired end result.
Scenario: many Solaris 10 servers, each with various local users. We want to set up LDAP for all for all of them. LDAP server is set up, procedure for getting other servers to use it for user authentication is documented and tested. The question is how to handle users that are in LDAP who also exist as a local user on a given machine.
It appears that the usernames on both sides follow a convention and therefore match but obviously the userids will not match. Local user joe has userid 1234, LDAP user joe has userid 56789.
The way I see it we'll have to:
1. move local user joe's home directory to the path that LDAP user joe will want
2. change local user joe's userid to that of LDAP user joe
3. change joe's files' owner to his new userid
4. remove local user joe
5. finally configure LDAP
Is this a rational procedure? Is there a more effective method? I'm not looking forward to this as there are many servers and each of them have a different set of local users, each with different userids which will have to be handled manually and individually therefore not even scriptable much.
Can I change the order in which the users are displayed in "lastlog" command?
View 10 Replies View Related
