[linux] Winbind 2

Dezider Gora gora na wittmann.sk
Čtvrtek Leden 30 20:24:07 CET 2003 

pridavok k poslednemu mailu do stareho threadu...
mala oprava - utilitka je win2k server RK
mozno je to utopia, ale snad by existovala cesticka.
Popri novej domene mi este dobieha stary workgroup, kde systemom, ktory
overuje je samba.
Nie je PDC, ibab obycajny workgroup comp. Mam este jednu linuxovu
masinu, na ktorej mam 20 siet. tlaciarni, a pristup k tlaciarnam je
rieseny takto:
   #Security settings
    # added options to validate users via xxx server
    security = server
    password server = xxx
    #end of security change
    hosts allow = 192.168.10.
    guest account = guest
    admin users = administrator

<SPEKULACIA>
Pokial mas volby tykajuce sa kryptovania a synchronizacie hesiel
nakonfigurovane:
    encrypt passwords = Yes
    update encrypted = Yes
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n *passwd:*all*authentication*tokens*updated*successfully*
    smb passwd file = /etc/samba/smbpasswd
    username map = /etc/samba/smbusers
 mohlo by sa stat, ze scriptom pridas userov do systemu ( /etc/passwd )
a potom poziadas userov, aby si zmenili hesla. Je mozne, ze samba urobi
to, ze ti updatne hesla v passwd a smbpasswd...
</SPEKULACIA>
Naozaj neviem, ako sa to zachova, ale mozno by to vyslo. Ak si dobre
pamatam, tak pokial si userov klikne na zmenu hesla, tak mu to zmeni
heslo vo vsetkych pripojenych resourcoch...
Takze ak by si si napriklad vyrobil script, ktory by skontroloval, ci
user uz existuje v systeme, tak ho iba prida do smbpasswd, a zmeni hesla
a dal ho do dorektivy passwd program, mohlo by to vyjst.

Gore.

Kocur wrote:

> nazdar.. takze po zruseni vsetkych moznych konfiguracii a nastaveni..a
> opetovnom nakonfigurovani samby a winbindu sa miwinbind konecne
> rozbehol..wbinfo -t   "secret is good"wbinfo -u  -vypisal vstkych
> userov..wbinfo -g  -vypisal groupy funguje aj  -N <server_name> ibaze
> mi stale nedoplna userov do passwdgrupy do groupa workstationy do
> hosts ak sa skusim nalogovat na linux pomocou accountu na w2k,tak mi
> na obrazovke preblikne ze vytvara /home/DOMAIN/<user>a vrati ma
> naspet...(ale to asi preto ze defaultny shell ma nastaveny
> /bin/flase) a v logu najdem nieco taketo... -cut-Jan 30 09:56:33 gw
> kernel: martian source 195.168.25.15 from 195.168.25.10, on d
> Jan 30 09:56:33 gw kernel: ll header:
> 00:10:4b:ad:40:19:00:03:47:ab:cb:c7:08:00
> Jan 30 09:56:34 gw pam_winbind[18940]: user 'kocur' granted acces
> Jan 30 09:56:34 gw pam_winbind[18940]: user 'kocur' granted acces
> Jan 30 09:56:34 gw login(pam_unix)[18940]: session opened for user
> kocur by (uid
> Jan 30 09:56:34 gw login[18940]: Permission denied
> Jan 30 09:56:39 gw kernel: NET: 2 messages suppressed.
> -cut- neak tomu uz prestavam rozuniet..mate to niekto rozbehane taq,
> ze to zapisuje w2k userov passwd a pod...??

Další informace o konferenci linux