Ubuntu Servers :: Win 7 Users Won't Be Able To Authenticate Unless Access Using IP Address
Sep 22, 2010
I've got a Samba server (CentOS)(I swear all my non-work boxes are Ubuntu) that has been working fine in our Active Directory environment for a long time, now that Windows 7 has been forced upon us, we've noticed that Win 7 users aren't able to authenticate to this server unless they access it using the IP address, e.g. \192.168.1.22. We've tried the different Windows 7 registry hacks and nothing makes a difference. We were advised to update Samba and we did to 3.3.8. However, this being a virtual machine, upgrading a clone of this machine did work, the configuration was identical, except the hostname
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
I installed a few media servers to stream something to my PS3 over the weekend, but now when trying to shutdown the computer, I'm asked to authenticate with a password since other users are still logged in. I installed quite a few programs over the weekend trying to get it to work, so I can't remove a specific one. Is there a way to see which daemons are logged in under a different session? Found it. It turned out to be mythtv.
I use Ubuntu in my office NIS environment and I can't upgrade the whole network to LDAP right. I upgraded to 10.04 recently and reinstalled the NIS client and associated packages, among other things.
I have set up my /etc/nsswitch.conf file so that passwd, group and shadow all have "files nis", I'm bound to the correct NIS domain and I can do "ypcat -k passwd" or "ypcat -k hosts" just fine.
Problem is that I can't log on or su to any NIS user, I just get "authentication failure". I've tried the same usernames and passwords on Red Hat NIS clients on the same domain and they work fine.
I have a server setup with all my web development stuff in /var/www and in several sub-folders within that. (each project having it's own folder)It works great with one FTP account. But recently I've been getting help on a projects from a buddy of mine that freelances, and have made him an FTP user account as well. All is fine, except for when he tries to edit a file and gets a permissions error.
Here's the issue, I don't want us to have the same FTP login, but all the files are currently owned by my user name. So, when he logs in to edit a file, he can't because I'm the owner, and the files are set to 744. Will I cause any harm by adding both users to the same group (www-data) and chmod'ing the files to 775 so that we can both access and modify the files?
Quick question - I would like to know how to prevent users from accessing directories above the directory used for ftp. I'm running proftpd and I'm able to connect outside of my LAN, however all user accounts can click "Up to higher level directoy" and access everything, all the way up to the root directory. How can I make this unaccessable/not visible to users connecting to my server, allowing access only to the directories and subdirectories I have specified?
Im using linux (Suse 11.1) on my laptop in my new job, however I need to set up my accounts and any account to authenticate using the existing windows ADC server.
What do i need to do precisely. I have kerberos & Samba installed. Do i need both of them or can I just go ahead and set up one.
I have no idea what is going on here and this is the second time it has done this but. I just installed Lucid Lynx Desktop Edition for my Server. I have installed apache php5 mysql binarys. I have 3 ips on the machine 10.0.1.30, 10.0.1.37, 10.0.1.38. .30 is the main ip 10/100 the rest are 10,100,1000 ports. I can only access Apache 2.2 over .37 or .38 but not .30
I have not used Ubuntu alot but I am starting to and this really pisses me off since all my computer have aliases to the machine through .30
I'd like to setup an Ubuntu LAMP server, and provide limited access to it for our in-house web developers/designers. I'm not quite sure how to go about the permissions side of things. Which user/group should "own" the /var/www directory? Is it www-data?
How do I create user accounts (for our developers) that have access to the /var/www directory - do I create accounts then add them to the www-data group? Or should I make a special 'webdev' group and give it access somehow?
I am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
I want to configure a remote internet facing server as git server. I would like to restrict access to the server to a few systems (access is restricted to select computers, not users). I first thought of using ssh key, but the key can be copied to another system hence that alone is not sufficient. I am having a dynamic IP, so simple IP based firewall blocking is also not possible. I was thinking about the possibility of using both SSH Key and IP based access. Is it possible to update the firewall rule whenever my ip gets changed?
is it possible to authenticate users logins by a database (postgres, mysql)?for instance: -user types username, pasword, at login screen -OS then connects to server with database and checks if the user is valid. if so, is it feasible to add a time lock function for each user? in the sql, postgres table ? for instance user sandra can only log onto the computer for 1hr at 5pm
is there any solution for authentication of ethernet users.something similar to daloradius for wifi.I dont want to use pppoe. is there any way to connect daloradius with dhcp server, so when certain mac address asks for IP first daloradius will look if it is allowed.
I don't know what happened but sendmail suddenly stopped authenticate my users who tries to send mail. I use slackware 13.0 and sendmail for SMTP with ssl and plain authentication. Imapd works fine. There is nothing in logs just that the client did not issue MAIL/EXPN/VRFY/ETRN during connection.
We are testing the possibility to migrate from winXP to SLED 11 SP1. We have solved integration login and single sign on. But now we have the problem that we are not able to authenticate users against eDirectory. The test enviroment is SLED 11 SP1 workstation with authentication method eDirectory LDAP, default software + Novell client from installation disk + yast2-lum + yast2-linux-user-management
I just installed the Ubuntu 9.10 and then installed Oracle 10 Express and all went fine. I can access oracle on 127.0.0.1:8080/apex address however when I try to access the server on it's external ip address (192.168.1.14) even when I'm on my Ubuntu machine it's failing. I'm new to Linux so I'm sure this should be silly and simple issue but I can't find a way around it. I need this so I can access the oracle server from outside world (other nodes on the network).
I am wondering how websites like banks are able to determine if you have previously used a certain computer to access the website, even if your router's IP address may have changed and your system's cookies have been cleared. I have users that need to access our HTTP intranet from outside locations. Those locations will have dynamic IP addresses most of the time, so I can't just "allow from [ip]" in my Apache proxy configuration. Originally we considered a VPN, but determined that a VPN will be overkill to access just an internal website, since we do not want external users to have permission to the rest of the network, only the website.I currently have it working over HTTPS with basic authentication against an internal LDAP server, but I want a little more security for such an important website.
crappy diagram: [user]-->(internet via https)-->[apache gateway]-->(intranet)-->[http server]
Friends is there some way to authenticate Microsoft windows users from openldap running on CentOS. I will be very thankful if you provide me step by step procedure.
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
I am using Unbunto desktop and installed "likewise open" so that my linux client can access windows active directory(join the domain). On server side i have windows 2003 server. On windows 2003 server in active directory i have assigned each user a disk space. I have sucessfully joined linux (ubunto) box to the active directory domain but my linux box has access ($ it can use) to all other user diskpace ( they can browse other users) and when i joined windows xp client with the same server it works properly( xp client cant access or use other diskpace)
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
I have running on RHL enterprise 4. I want to configure squid users to authenticate against windows 2003 active directory. How do I go about from scratch
I've spent days trying to setup access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
I was having trouble with pulse audio and completely obliterated pulse audio from my machine in order to prepare for a reinstall of pulse audio. this also uninstalled a few other packages that I needed to enter gnome or kde. when I try to login via gdm(?) my password will not authenticate (when I enter via xterm or tty the password is accepted). how can install packages off a live usb drive from Terminal. how to access a wifi network under terminal to use apt-get.
However: <code> root@domainator:~# ldapaddgroup test >> 01/03/11 - 22:16 : Command : /usr/sbin/ldapaddgroup test ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) Error adding group test to LDAP Error adding group test to LDAP </code>
Here's various parts of my /etc/ldapscripts/ldapscripts.conf: <code> SERVER="domainator" BINDDN="cn=root,dc=example,dc=home" BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" SUFFIX="dc=example,dc=home" # Global suffix GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) USUFFIX="ou=Users" # Users ou (just under $SUFFIX) MSUFFIX="ou=Computers" # Machines ou (just under $SUFFIX) GIDSTART="10000" # Group ID UIDSTART="10000" # User ID MIDSTART="20000" # Machine ID </code> /etc/ldapscripts/ldapscripts.passwd permissions are root:root, 0400 a
And I have quadruple checked my password is correct. Is there a way to print out debugging from ldapscripts so I know what commands it is generating?
I have a query regarding login to roundcube via dovecot ldap. I have installed and set up the openldap on Ubuntu Server 11.04 with the help of the following article [URL]. I have also installed Postfix, Dovecot, Dovecot-ldap and roundcube as the mail client. Then, I went on to test if I can login through roundcube. I received "login failed". I'm sure the dovecot is running fine as well as Postfix and openLDAP server. All I can find from the log was "auth(default) LDAP: Can't connect to server: localhost".
I have samba allowing only known users, and on the ubuntu side, I have the folder permission 777. I have the same exact samba smb.conf file(locations of course matching new server), but I can't get it to authenticate with the new server(Old server is up and running too) and I'm lost. I thought I had it figured out when I did my last server, but I seem to be missing something on this one.
When I try to access at physical address (0xD0000), we known that it is necessary to convert physical address to virtual address using function IOREMAP(0xD0000, 1024) and return me 0xC00D0000.
Now our doubt is when I have a board with I/O in address 0x150, is it necessary to convert this address to other virtual address??? or with inb(0x150) return me state of I/O in this address? How can I known where is this I/O address in my map memory?
So far, I've been able to get my Box (Centos 5.3) authenticate users through LDAP. My next plan was to automount their home directory from our NAS device.But I'm struggling getting autofs talking to the LDAP Server.My Config Files:
/etc/ldap.conf [root@tmplt_CentOS-5 ~]# egrep -v '^#|^$?' /etc/ldap.conf base ou=intern,o=zde,dc=simiangroup,dc=com
