I have added my Linux box to my NT PDS. Now my understanding is that I have to create the same users on the Linux box that I presently have on the NT box. I have a few questions... One name on the PDS has a space in it, like this "Mike Wilson". How do I setup an account for that login on the Linux box? I have other accounts that are over 8 characters long. How do I deal with that? Most important, I want all the NT accounts to ONLY have smb access, I don't want any of them to be able to log into the Linux box from the console, telnet, or any other means other then smb. Is there a way I can do that? Sam -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 05 Jan 2000, Sam Carleton wrote:
I have added my Linux box to my NT PDS. Now my understanding is that I have to create the same users on the Linux box that I presently have on the NT box. I have a few questions...
One name on the PDS has a space in it, like this "Mike Wilson". How do I setup an account for that login on the Linux box? I have other accounts that are over 8 characters long. How do I deal with that?
Most important, I want all the NT accounts to ONLY have smb access, I don't want any of them to be able to log into the Linux box from the console, telnet, or any other means other then smb. Is there a way I can do that?
Sam
Just a thought from an earlier post. . .couldn't you just remove the shell entry from the passwd file or point it to somthing harmless like /dev/null so that they have valid passwords but can't get a shell? -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Darren R. Weber drw@linuxfan.com ICQ# 2849193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 05 Jan 2000, Darren R. Weber wrote:
On Wed, 05 Jan 2000, Sam Carleton wrote:
Most important, I want all the NT accounts to ONLY have smb access, I don't want any of them to be able to log into the Linux box from the console, telnet, or any other means other then smb. Is there a way I can do that?
Sam
Just a thought from an earlier post. . .couldn't you just remove the shell entry from the passwd file or point it to somthing harmless like /dev/null so that they have valid passwords but can't get a shell?
IIRC, it's /bin/false; or maybe it was just false... -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Jon Pennington wrote:
On Wed, 05 Jan 2000, Darren R. Weber wrote:
On Wed, 05 Jan 2000, Sam Carleton wrote:
Most important, I want all the NT accounts to ONLY have smb access, I don't want any of them to be able to log into the Linux box from the console, telnet, or any other means other then smb. Is there a way I can do that?
Sam
Just a thought from an earlier post. . .couldn't you just remove the shell entry from the passwd file or point it to somthing harmless like /dev/null so that they have valid passwords but can't get a shell?
IIRC, it's /bin/false; or maybe it was just false...
Does this also deny things like FTP and other services? The ONLY thing I want to work is Samba. The box is a firewall! -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Thu, 06 Jan 2000, Sam Carleton wrote:
Jon Pennington wrote:
IIRC, it's /bin/false; or maybe it was just false...
Does this also deny things like FTP and other services? The ONLY thing I want to work is Samba. The box is a firewall!
I guess I'm confused. Why is your firewall doing anything other than firewalling? Yes, shell:/bin/false will allow them to connect via ftp and other services, so no, this isn't a complete solution. Why is it so bloody important that it has to reside on your firewall machine? This presents security holes that I would not be comforatble tying to work around. -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi.
At 21:17 on 5 Jan 00, Darren R. Weber begun to yabber about "Re:
[SLE] accounts ONLY for smb"
From: "Darren R. Weber"
Just a thought from an earlier post. . .couldn't you just remove the shell entry from the passwd file or point it to somthing harmless like /dev/null so that they have valid passwords but can't get a shell?
There is already something like that in most user addition programs called the false shell.. That is how i make all my samba accounts on my dedicated samba servers. Cya Matthew Matthew King: Sys Admin, Quakers Hill High School. My ICQ#: 2342475 Message me! Cellular Phone: +61 415 257 516 E-Mail: noodle@penguinpowered.com Homepage: http://www.penguinpowered.com/~noodle/ -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d+ s: a--- C++++ UL++++ P+ L+++ E---- W++ N++ o++ K w O- M- V- PS+ PE Y+ PGP- t+ 5++++ X++ R+ tv++ b+++ DI+++++ D++ G+++ e* h* r++ y+ ------END GEEK CODE BLOCK------ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I have added my Linux box to my NT PDS. Now my understanding is that I have to create the same users on the Linux box that I presently have on the NT box. I have a few questions...
One name on the PDS has a space in it, like this "Mike Wilson". How do I setup an account for that login on the Linux box? I have other accounts that are over 8 characters long. How do I deal with that?
I just tried creating an account 'mike wilson' on my suse 6.0 box. Logged in just fine. I don't know if you'll have any problems with smb, though. As long as the usernames don't have ':'s in them, it might just work. Caveat emptor, of course. I can't try it out on smb from where I'm at now. Since you only want smb access, though, I'd say try it and see what happens.
Most important, I want all the NT accounts to ONLY have smb access, I don't want any of them to be able to log into the Linux box from the console, telnet, or any other means other then smb. Is there a way I can do that?
Set the shell to /bin/false. That will cover console and telnet; not 100% sure about rsh/rlogin, but I think they'll be ok also. -- Ron Oliver (mailto:roliver-suse@quantum-networks.com) -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (6)
-
activex1@one.net -
Anonymous User -
jpennington@atipa.com -
noodle@penguinpowered.com -
roliver-suse@quantum-networks.com -
weberdr@bellsouth.net