Re: [Samba] id <username> - doesnt list all groups




I guess that's the problem?! But why is it working for some users and not for others? I've rebooted the server several times, to ensure nobody is logged in.

# id user1
# id user2

Shows the same output as before.

My installed libs:

# ls /lib/x86_64-linux-gnu/

device-mapper
ld-2.23.so
ld-linux-x86-64.so.2
libacl.so.1
libacl.so.1.1.0
libaio.so.1
libaio.so.1.0.1
libanl-2.23.so
libanl.so.1
libapparmor.so.1
libapparmor.so.1.4.0
libatm.so.1
libatm.so.1.0.0
libattr.so.1
libattr.so.1.1.0
libaudit.so.1
libaudit.so.1.0.0
libblkid.so.1
libblkid.so.1.1.0
libBrokenLocale-2.23.so
libBrokenLocale.so.1
libbsd.so.0
libbsd.so.0.8.2
libbz2.so.1
libbz2.so.1.0
libbz2.so.1.0.4
libc-2.23.so
libcap.so.2
libcap.so.2.24
libcidn-2.23.so
libcidn.so.1
libcom_err.so.2
libcom_err.so.2.1
libcrypt-2.23.so
libcrypto.so.1.0.0
libcryptsetup.so.4
libcryptsetup.so.4.6.0
libcrypt.so.1
libc.so.6
libdbus-1.so.3
libdbus-1.so.3.14.6
libdevmapper-event-lvm2mirror.so
libdevmapper-event-lvm2raid.so
libdevmapper-event-lvm2snapshot.so
libdevmapper-event-lvm2.so.2.02
libdevmapper-event-lvm2thin.so
libdevmapper-event.so.1.02.1
libdevmapper.so.1.02.1
libdl-2.23.so
libdl.so.2
libdns-export.so.162
libdns-export.so.162.1.3
libe2p.so.2
libe2p.so.2.3
libexpat.so.1
libexpat.so.1.6.0
libext2fs.so.2
libext2fs.so.2.4
libfdisk.so.1
libfdisk.so.1.1.0
libfuse.so.2
libfuse.so.2.9.4
libgcc_s.so.1
libgcrypt.so.20
libgcrypt.so.20.0.5
libglib-2.0.so.0
libglib-2.0.so.0.4800.2
libgpg-error.so.0
libgpg-error.so.0.17.0
libhistory.so.5
libhistory.so.5.2
libhistory.so.6
libhistory.so.6.3
libip4tc.so.0
libip4tc.so.0.1.0
libip6tc.so.0
libip6tc.so.0.1.0
libiptc.so.0
libiptc.so.0.0.0
libisc-export.so.160
libisc-export.so.160.0.0
libjson-c.so.2
libjson-c.so.2.0.0
libkeyutils.so.1
libkeyutils.so.1.5
libkmod.so.2
libkmod.so.2.3.0
liblvm2app.so.2.2
liblvm2cmd.so.2.02
liblzma.so.5
liblzma.so.5.0.0
liblzo2.so.2
liblzo2.so.2.0.0
libm-2.23.so
libmemusage.so
libmnl.so.0
libmnl.so.0.1.0
libmount.so.1
libmount.so.1.1.0
libm.so.6
libmvec-2.23.so
libmvec.so.1
libncurses.so.5
libncurses.so.5.9
libncursesw.so.5
libncursesw.so.5.9
libnewt.so.0.52
libnewt.so.0.52.18
libnih.so.1
libnih.so.1.0.0
libnl-3.so.200
libnl-3.so.200.22.0
libnl-genl-3.so.200
libnl-genl-3.so.200.22.0
libnsl-2.23.so
libnsl.so.1
libnss_compat-2.23.so
libnss_compat.so.2
libnss_dns-2.23.so
libnss_dns.so.2
libnss_files-2.23.so
libnss_files.so.2
libnss_hesiod-2.23.so
libnss_hesiod.so.2
libnss_nis-2.23.so
libnss_nisplus-2.23.so
libnss_nisplus.so.2
libnss_nis.so.2
libntfs-3g.so.861
libntfs-3g.so.861.0.0
libpamc.so.0
libpamc.so.0.82.1
libpam_misc.so.0
libpam_misc.so.0.82.0
libpam.so.0
libpam.so.0.83.1
libparted.so.2
libparted.so.2.0.1
libpci.so.3
libpci.so.3.3.1
libpcprofile.so
libpcre.so.3
libpcre.so.3.13.2
libply-boot-client.so.4
libply-boot-client.so.4.0.0
libply.so.4
libply.so.4.0.0
libply-splash-core.so.4
libply-splash-core.so.4.0.0
libply-splash-graphics.so.4
libply-splash-graphics.so.4.0.0
libpng12.so.0
libpng12.so.0.54.0
libpopt.so.0
libpopt.so.0.0.0
libprocps.so.4
libprocps.so.4.0.0
libpthread-2.23.so
libpthread.so.0
libreadline.so.5
libreadline.so.5.2
libreadline.so.6
libreadline.so.6.3
libresolv-2.23.so
libresolv.so.2
librt-2.23.so
librt.so.1
libseccomp.so.2
libseccomp.so.2.3.1
libSegFault.so
libselinux.so.1
libsepol.so.1
libslang.so.2
libslang.so.2.3.0
libsmartcols.so.1
libsmartcols.so.1.1.0
libssl.so.1.0.0
libss.so.2
libss.so.2.0
libsystemd.so.0
libsystemd.so.0.14.0
libthread_db-1.0.so
libthread_db.so.1
libtinfo.so.5
libtinfo.so.5.9
libudev.so.1
libudev.so.1.6.4
libulockmgr.so.1
libulockmgr.so.1.0.1
libusb-0.1.so.4
libusb-0.1.so.4.4.4
libusb-1.0.so.0
libusb-1.0.so.0.1.0
libutil-2.23.so
libutil.so.1
libuuid.so.1
libuuid.so.1.3.0
libwrap.so.0
libwrap.so.0.7.6
libxtables.so.11
libxtables.so.11.0.0
libz.so.1
libz.so.1.2.8
security

# ls /lib/x86_64-linux-gnu/security/

pam_access.so
pam_cifscreds.so
pam_debug.so
pam_deny.so
pam_echo.so
pam_env.so
pam_exec.so
pam_extrausers.so
pam_faildelay.so
pam_filter.so
pam_ftp.so
pam_group.so
pam_issue.so
pam_keyinit.so
pam_krb5.so
pam_lastlog.so
pam_limits.so
pam_listfile.so
pam_localuser.so
pam_loginuid.so
pam_mail.so
pam_mkhomedir.so
pam_motd.so
pam_namespace.so
pam_nologin.so
pam_permit.so
pam_pwhistory.so
pam_rhosts.so
pam_rootok.so
pam_securetty.so
pam_selinux.so
pam_sepermit.so
pam_shells.so
pam_stress.so
pam_succeed_if.so
pam_systemd.so
pam_tally2.so
pam_tally.so
pam_time.so
pam_timestamp.so
pam_tty_audit.so
pam_umask.so
pam_unix.so
pam_userdb.so
pam_warn.so
pam_wheel.so
pam_winbind.so
pam_xauth.so

Thanks

Micha
PS: I have this behavior on each domain member, but not with the same result. It's pretty confusing and I can't find any logical context.


On 07.08.2018 at 13:49, Rowland Penny via samba wrote:
> On Tue, 7 Aug 2018 13:15:00 +0200
> Micha Ballmann <ballmann@xxxxxxxxxxxxx> wrote:
>
>> Thanks for your answer:
>>
>> But I don't understand why the following is not working:
>>
>> I want to restrict the ssh access for a special domain member:
>>
>> In my "sshd_config" I added:
>>
>> AllowGroups restrictaccess root
>>
>> With user2 I'm able to login via ssh!
>>
>> log: pam_krb5(sshd:auth): user user2 authenticated as
>> user2@xxxxxxxxxxx
>>
>> With user1 I'm not!
>>
>> log: User user1 from 192.168.0.100 not allowed because none of user's
>> groups are listed in AllowGroups.
>>
>> Have a look at my previous email: "id user2" shows the group
>> "restrictaccess" and "id user1" doesn't show it. And I guess that's the
>> reason why user2 is able to login and user1 not?
> No, once a user logs in (or attempts to) winbind should be able to fill
> in the missing info.
>
> What 'lib*.*' packages did you install with Samba?
>
> Rowland
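
Added example, not part of the thread: sshd evaluates AllowGroups against the group names the system resolves for the user, so comparing `id` output with the config predicts who gets the "not allowed" log line. The `id` lines below are constructed (the thread does not show them), and the sketch assumes a config without Match blocks or negated patterns.

```python
import re

# Constructed sample inputs modelled on the thread; the numeric IDs and the
# "domain users" primary group are made up, the thread does not show them.
SSHD_CONFIG = "# /etc/ssh/sshd_config (excerpt)\nAllowGroups restrictaccess root\n"
ID_OUTPUT = {
    "user1": "uid=11001(user1) gid=10513(domain users) groups=10513(domain users)",
    "user2": "uid=11002(user2) gid=10513(domain users) "
             "groups=10513(domain users),11200(restrictaccess)",
}


def allow_group_patterns(config_text):
    """Collect the patterns from every AllowGroups line (keyword is case-insensitive)."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "allowgroups":
            patterns.extend(words[1:])
    return patterns


def groups_from_id(id_line):
    """Return the group names in one line of `id` output, primary group included."""
    names = set()
    gid = re.search(r"\bgid=\d+\(([^)]*)\)", id_line)
    if gid:
        names.add(gid.group(1))
    groups = re.search(r"\bgroups=(.*?)(?: context=|$)", id_line)
    if groups:
        names.update(re.findall(r"\d+\(([^)]*)\)", groups.group(1)))
    return names


def pattern_to_regex(pattern):
    """Translate an sshd pattern: only '*' and '?' are wildcards, the rest is literal."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts) + r"\Z")


def allowed_by_groups(id_line, config_text):
    """True when AllowGroups is unset or one resolved group name matches a pattern."""
    patterns, names = allow_group_patterns(config_text), groups_from_id(id_line)
    return not patterns or any(pattern_to_regex(p).match(n) for p in patterns for n in names)


if __name__ == "__main__":
    for user, line in ID_OUTPUT.items():
        print(user, "allowed" if allowed_by_groups(line, SSHD_CONFIG) else "refused by AllowGroups")
```

On a domain member, feed it the real output of `id <username>` taken on the host running sshd, since that is the group list sshd will see.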

