BG:I have build samba in redhat linux, and share a folder, then access the share folder from windows.
As the following shows, the connection information can be got via command "smbstatus"
[root#Redhat6 pam.d]# smbstatus
Samba version 3.5.10-125.el6
PID Username Group Machine
-------------------------------------------------------------------
8303 leon domain users win0832mc (::ffff:10.204.176.73)
we can get the user, the group of domain, then how to get the domain information?
Could please you help me on this? thanks.
User name shown by smbstatus is the name of the local user, not the user which connected to the share. The original name might have already been transformed with the help of 'username map' option in smb.conf.
Supposedly, you have one-to-one name mapping between incoming users and local POSIX users. In this case you can use 'wbinfo --uid-to-sid leon' to get Security Identifier (SID) of the user 'leon', and as next step do 'wbinfo --sid-to-fullname sid' to convert SID to fully qualified user name (DOMAIN\user).
Related
I am trying to set up a user for my raspberry pi which is restricted to one file. This means that on this file, the user has all permissions (rwx) but on all other files and directories he has not any permission, not even read.
I need this because I want to lend my raspi incl. code to someone else. The one file is my code's config file which the person should be able to change for testing purposes. But I do not want to show my code and other settings.
I tried to set up a user and a group but this means I have to change all files/directories on the raspi. I simply want to restrict the user.
Thanks for any help.
muleque
sudo useradd -m $USERNAME
This will provide you a new user with whatever name you replace $USERNAME with. This user will have access to their own home directory and you can place this file that you want them to have access to here, /home/$USERNAME.
If you want to further restrict this user's access to the rest of the machine you can create a chroot jail which means they can access nothing apart from this directory. There are many options for how to perform this but if the user will access the raspberry pi over SSH here is a simple example.
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/
I've created a new instance of AMI Oracle Database 11.2.0.1 64-bit Standard Edition; ami-3f739c56 supplied by Oracle. I've tried to access the instance via SSH from my Windows 10 PC (also from my Mac) but I get the error "Server refused our key. Disconnected: No supported authentication methods available (server sent: publickey, gssapi-with-mic)". I've tried:
User IDs: root; oracle; admin; ec2-user
restarting the instance
rebuilding the key-pairs
Searching Stack Overflow for anything related to this type of problem (everything I've found is out of date by several years and seem to related only to Ubuntu)
searching Oracle's site
searching the Internet
The key-pair that I initially used is fine for my Ubuntu instance that I'm able to connect (User ID: admin).
Everything that I've found so far points to the problem being with me using the wrong default User ID but I don't have anything to tell me what the correct User ID should be.
Any suggestions will be greatly appreciated.
Thanks.
In the AWS Marketplace, navigate to the AMI page
Click on the Usage tab
Click on View Usage Instructions
Note that if the vendor is clckwrk Ltd, then the user is clckwrk
(I did not find OP's "ami-3f739c56")
check health of your AMI:
In the navigation pane, choose Instances, and select the instance.
Choose Actions, Instance Settings, Get System Log.
Write to AWS support.
In my experience there are very "stupid" mistakes:
instance not allow ssh connection, check aws security groups and network acl
you have a typo when you connect via ssh
you have wrong permissions to the ssh key,
or you use wrong ssh key )
try -vvv parameters for ssh command, maybe you can see the erors
The user 'root' worked for me. When I logged in for the first time using 'root' user, it walked me though the Oracle setup process.
I faced the problem too. The username is: clckwrk
I am working on a windows machine that is maintained by our IT department. My user account me lives in a domain dom, which leads to my cygwin user name being dom+me. This is inconvenient because my user name is just me on all other machines that I want to talk to with ssh and so on. Is there a way to remove or hide the dom+ part from cygwin?
Some additional details: My cygwin home directory is /home/me, so that part is fine. Whoami replies dom+me, ssh asks for dom+me's password if I do not specify a user name.
ssh can be told to override the default user name by adding the following lines to the file ~/.ssh/config:
Host *
User me
Afterwards, ssh and scp use the default user name me.
I'm trying to setup OpenLDAP server and client on linux (Centos). After searching around a bit, my understanding is gidnumber and uidnumber work like uid and gid on unix, to identify a unique user and group. My question is
is there relationship between these LDAP and linux IDs? should the LDAP ones be the same as a user's uid/gid on linux (if I have such user already on the server host)?
If not, after a client authenticate a user, the user creates a file on the client host, what would the user/group linux ownership of the file looks like?
thanks
Yes, and therefore
Not applicable.
I'm use an Debian based OS here on my work an i've configured the service for test routines of ERP app...
This service (Tomcat+Java service) it's consumed via HTTP on intranet correctly...but the test leader sometimes need chance the database used by service application and uses SSH to access my machine to change database on config file and restart the service...eventually this person change some service or O.S. config throwing problems to me (on my O.S and others things..).
What i want know is if can i change my password only for SSH service (doesn't change to my KDE/Gnome session), just because the company's policy requires everyone to have a default password on stations...
Remebering that i'm a manager of config, maintenance and others jobs of service to test team...and change database solicitations can made to me.
A simple example:
KDE login if user 'carlos' and password '123456'
SSH login if user 'carlos' and password '4nyJokeHere'
That it's possible ?
Thanks in advance.
Possible? Maybe. You'd probably have to fiddle with pam.d to get SSH authenticating via a different mechanism to KDE etc.
Coming from a different angle, I may be missing something, can you not create a second user for the SSH process, keeping your main user for KDE etc cleanly separate?
I'd really strongly recommend trying to "split" a user into multiple purposes/security groups with differing passwords for each!
You can use authorized_keys to restrict the SSH commands available, and/or sudo...
Update: Some expansion on the subject as requested by the OP
You can limit commands available via SSH by using ~/.ssh/authorised_keys file - see O'Reilly for a good explanation.
I'm was solved this case applying a single rule here. On SSH service i'm was locked access of my user 'carlos --> sudoers' and enable access only for a user called 'padrao' (padrao translated to english is 'default').
This user 'padrao' doesn't have sudoers permissions. If i needed access with SSH my machine i'm do:
ssh padrao#my.intranet.machine
password: ***
$ su carlos
password: ***
This is not the best way to solve, but solved my problem here.
Thanks.