Winbind and pam - restrict all services except for samba access
Hi,
I have recently taken control of a number of RHEL5.3 servers that have samba shares setup on them and are authenticating using pam and winbind. My issue is that any user that has an active directory account can currently log in to the linux boxes using their ad credentials. I need to restrict all services except for samba access.
As a test to try and disable ssh I have tried adding the below line to /etc/pam.d/sshd but this has had the effect of stopping all new ssh connections. I have also created the /etc/ssh_allow.pamlist file with the list of users that require access:
/etc/pam.d/sshd
/etc/pam.d/system-auth-ac
Any help would be greatly appreciated.
Discussion started by: mark888
2 Replies
TDBBACKUP(1M) System Administration tools TDBBACKUP(1M)
NAME
tdbbackup - tool for backing up and for validating the integrity of samba .tdb files
SYNOPSIS
tdbbackup [-s suffix] [-v] [-h]
DESCRIPTION
This tool is part of the samba(1) suite.
tdbbackup is a tool that may be used to back up samba .tdb files. This tool may also be used to verify the integrity of the .tdb files prior
to samba startup or during normal operation. If it finds file damage and it finds a prior backup, the backup file will be restored.
OPTIONS
-h
Get help information.
-s suffix
The -s option allows the administrator to specify a file backup extension. This way it is possible to keep a history of tdb backup
files by using a new suffix for each backup.
-v
The -v option checks the database for damage (corrupt data), which if detected causes the backup to be restored.
COMMANDS
GENERAL INFORMATION
The tdbbackup utility can safely be run at any time. It was designed so that it can be used at any time to validate the integrity of tdb
files, even during Samba operation. Typical usage for the command will be:
tdbbackup [-s suffix] *.tdb
Before restarting samba the following command may be run to validate .tdb files:
tdbbackup -v [-s suffix] *.tdb
Samba .tdb files are stored in various locations; be sure to back up all .tdb files on the system. Important files include:
o secrets.tdb - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba.
o passdb.tdb - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba.
o *.tdb located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories.
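The backup and pre-restart verification commands above, combined into one script as an added example (not part of the Samba man page). It walks the directories listed above, uses a dated suffix to keep a backup history, and keeps copies of secrets.tdb and passdb.tdb owner-only. The TDBBACKUP and TDB_DIRS variables, the function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Samba man page). TDBBACKUP and TDB_DIRS are
# names assumed by this script; override them from the environment if needed.
TDBBACKUP="${TDBBACKUP:-tdbbackup}"
TDB_DIRS="${TDB_DIRS:-/usr/local/samba/private /etc/samba /usr/local/samba/var /var/cache /var/lib/samba}"

# Print every *.tdb file found directly in the given directories, one per line.
find_tdbs() {
    for dir in "$@"; do
        for f in "$dir"/*.tdb; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# run_tdbbackup MODE SUFFIX DIR...   (MODE is "backup" or "verify")
# Prints how many files tdbbackup failed on; tdbbackup's own output goes to stderr.
run_tdbbackup() {
    mode=$1; suffix=$2; shift 2
    failed=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ "$mode" = verify ]; then
            "$TDBBACKUP" -v -s "$suffix" "$f" >&2 || failed=$((failed + 1))
        elif "$TDBBACKUP" -s "$suffix" "$f" >&2; then
            # secrets.tdb and passdb.tdb hold credentials: keep copies owner-only.
            case "${f##*/}" in
                secrets.tdb|passdb.tdb)
                    chmod 600 "$f$suffix" || failed=$((failed + 1)) ;;
            esac
        else
            failed=$((failed + 1))
        fi
    done <<EOF
$(find_tdbs "$@")
EOF
    echo "$failed"
}

# Usage: sh tdb-backup.sh --run [suffix]; the default suffix is dated, giving
# one backup generation per day.
if [ "${1:-}" = "--run" ]; then
    suffix="${2:-.bak-$(date +%Y%m%d)}"
    # TDB_DIRS is deliberately unquoted so it splits into directory names.
    failures=$(run_tdbbackup backup "$suffix" $TDB_DIRS)
    [ "$failures" -eq 0 ] || { echo "tdbbackup failed on $failures file(s)" >&2; exit 1; }
fi
```

Calling run_tdbbackup verify with the same suffix before restarting Samba gives the integrity check described above; a non-zero count means tdbbackup reported a failure on at least one file.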
VERSION
This man page is correct for version 3.0 of the Samba suite.
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
The tdbbackup man page was written by John H Terpstra.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+--------------------+----------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+----------------------+
|Availability | SUNWsmbar, SUNWsmbau |
+--------------------+----------------------+
|Interface Stability | External |
+--------------------+----------------------+
NOTES
Source for Samba is available on http://opensolaris.org.
Samba(7) delivers the set of four SMF(5) services as can be seen from the following example:
$ svcs samba wins winbind swat
STATE STIME FMRI
disabled Apr_21 svc:/network/samba:default
disabled Apr_21 svc:/network/winbind:default
disabled Apr_21 svc:/network/wins:default
disabled Apr_21 svc:/network/swat:default
where the services are:
"samba"
runs the smbd daemon managing the CIFS sessions
"wins"
runs the nmbd daemon enabling the browsing (WINS)
"winbind"
runs the winbindd daemon making the domain idmap
"swat"
Samba Web Administration Tool is a service providing access to browser-based Samba administration interface and on-line documentation.
The service runs on software loopback network interface on port 901/tcp, i.e. opening "http://localhost:901/" in browser will access
the SWAT service on local machine.
Please note: SWAT uses HTTP Basic Authentication scheme where user name and passwords are sent over the network in clear text. In the SWAT
case the user name is root. Transferring such sensitive data is advisable only on the software loopback network interface or over secure
networks.
Samba 3.0 01/19/2009 TDBBACKUP(1M)