Lze získat roota pouze se zapalovačem? Ano, lze.
Konference LinuxDays 2024 proběhne již tento víkend 12. a 13. října v Praze. Na programu je spousta zajímavých přednášek a workshopů, zástup zajímavých osobností a stánky řady projektů: Fedora, openSUSE, vpsFree.cz, Mozilla, brmlab, OpenAlt a mnoho dalších. Vstup zdarma.
Představeny byly oficiální Raspberry Pi microSD karty třídy A2 a silikonový kryt na Raspberry Pi 5.
OpenRazer byl vydán ve verzi 3.9.0. Jedná se o svobodný software, ovladač a démon, umožňující nastavovat klávesnice, notebooky, myši, podložky pod myš, keypady, sluchátka a další zařízení od společnosti Razer na GNU/Linuxu.
Byla vydána verze 3.6 multiplatformního integrovaného vývojového prostředí (IDE) pro rychlý vývoj aplikaci (RAD) ve Free Pascalu Lazarus (Wikipedie). Přehled novinek v poznámkách k vydání. Využíván je Free Pascal Compiler (FPC) 3.2.2.
Na čem aktuálně pracují vývojáři GNOME a KDE? Pravidelný přehled novinek v Týden v GNOME a Týden v KDE.
Byla vydána nová verze 8.8 multiplatformní digitální pracovní stanice pro práci s audiem (DAW) Ardour. Přehled oprav, vylepšení a novinek v oficiálním oznámení.
Byla vydána nová major verze 11.0.0 nástroje mitmproxy určeného pro vytváření interaktivních MITM proxy pro HTTP a HTTPS komunikaci. Přehled novinek v příspěvku na blogu. Vypíchnuta je plná podpora HTTP/3 a vylepšená podpora DNS.
Richard Hughes na svém blogu představil nejnovější major verzi 2.0.0 nástroje fwupd umožňujícího aktualizovat firmware zařízení na počítačích s Linuxem. Podrobný přehled novinek v poznámkách k vydání. Přehled podporovaných zařízení, nejnovějších firmwarů a zapojených výrobců na stránkách LVFS (Linux Vendor Firmware Service).
Počítačová hra Kvark (Steam) od studia Perun Creative dospěla do verze 1.0 (𝕏). Běží také na Linuxu.
10.0.0.228 NANO-RBF #PRE #DOM:NANO >> %systemroot%\system32\drivers\etc\lmhosts 10.0.0.228 "NANO \0x1b" #PRE >> %systemroot%\system32\drivers\etc\lmhostsa registre:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters] "DomainCompatibilityMode"=dword:00000001 "DNSNameResolutionRequired"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requiresignorseal"=dword:00000000 "requirestrongkey"=dword:00000000 "signsecurechannel"=dword:00000000 "RequireSignOnSeal"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "CompatibleRUPSecurity" = dword:00000001Samba log
[2012/05/28 17:14:44.249154, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: virtual-pc$ [2012/05/28 17:14:44.250458, 2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal) credentials check failed [2012/05/28 17:14:44.250543, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client VIRTUAL-PC machine account VIRTUAL-PC$smb.conf
#======================= Global Settings ======================= [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = nanodesign netbios name = nano-rbf server signing = no os level = 255 local master = yes # server string is the equivalent of the NT Description field server string = %h server (Samba, Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. ; dns proxy = yes # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast #### Networking #### # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes #### Debugging/Accounting #### # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m log level = 2 # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ####### Authentication ####### # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html # in the samba-doc package for details. security = user # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = ldapsam:ldap://localhost ldap suffix = dc=nanodesign,dc=sk ldap admin dn = cn=admin,dc=nanodesign,dc=sk ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap passwd sync = yes ldap delete dn = Yes # idmap backend = ldap # idmap alloc backend = ldap # idmap uid = 10000-20000 # idmap gid = 10000-20000 # ldapsam:editposix = yes # ldapsam:trusted = yes # idmap alloc config:ldap_url = ldap://localhost # idmap alloc config:ldap_user_dn = cn=admin,dc=nanodesign,dc=sk # idmap alloc config:ldap_base_dn = ou=idmaps,dc=nanodesign,dc=sk # Samba and LDAP server are on the same server in this example. ldap ssl = no # Scripts for Samba to use if it creates users, groups, etc. add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # Script that Samba users when a PC joins the domain .. # (when changing 'Computer Properties' on the PC) add machine script = /usr/sbin/smbldap-useradd -w '%u' # Values used when a new user is created .. # (Note: '%L' does not work properly with smbldap-tools 0.9.4-1) logon drive = H: logon home = \\nano-rfb\%U logon path = \\nano-rbf\Profiles\%U logon script = logon.bat # This is required for Windows XP client .. server signing = auto server schannel = Auto obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes # This option controls how unsuccessful authentication attempts are mapped # to anonymous connections map to guest = bad user ########## Domains ########### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profiles] share to be setup on the # samba server (see below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory # (this is Samba's default) # logon path = \\%N\%U\profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) ; logon drive = H: # logon home = \\%N\%U # The following setting only takes effect if 'domain logons' is set # It specifies the script to run during logon. The script must be stored # in the [netlogon] share # NOTE: Must be store in 'DOS' file format convention ; logon script = logon.cmd # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u # This allows machine accounts to be created on the domain controller via the # SAMR RPC pipe. # The following assumes a "machines" group exists on the system ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u # This allows Unix groups to be created on the domain controller via the SAMR # RPC pipe. ; add group script = /usr/sbin/addgroup --force-badname %g ########## Printing ########## # If you want to automatically load your printer list rather # than setting them up individually then you'll need this # load printers = yes # lpr(ng) printing. You may wish to override the location of the # printcap file ; printing = bsd ; printcap name = /etc/printcap # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. ; printing = cups ; printcap name = cups ############ Misc ############ # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Most people will find that this option gives better performance. # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html # for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 # socket options = TCP_NODELAY # The following parameter is useful only if you have the linpopup package # installed. The samba maintainer and the linpopup maintainer are # working to ease installation and configuration of linpopup and samba. ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & # Domain Master specifies Samba to be the Domain Master Browser. If this # machine will be configured as a BDC (a secondary logon server), you # must set this to 'no'; otherwise, the default behavior is recommended. domain master = Yes # Some defaults for winbind (make sure you're not using the ranges # for something else.) ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash # The following was the default behaviour in sarge, # but samba upstream reverted the default because it might induce # performance issues in large organizations. # See Debian bug #368251 for some of the consequences of *not* # having this setting and smb.conf(5) for details. ; winbind enum groups = yes ; winbind enum users = yes # Setup usershare options to enable non-root users to share folders # with the net usershare command. # Maximum number of usershare. 0 (default) means that usershare is disabled. ; usershare max shares = 100 # Allow users who've been granted usershare privileges to create # public shares, not just authenticated ones usershare allow guests = yes #======================= Share Definitions ======================= # Un-comment the following (and tweak the other settings below to suit) # to enable the default home directory shares. This will share each # user's home director as \\server\username ;[homes] ; comment = Home Directories ; browseable = no # By default, the home directories are exported read-only. Change the # next parameter to 'no' if you want to be able to write to them. ; read only = yes # File creation mask is set to 0700 for security reasons. If you want to # create files with group=rw permissions, set next parameter to 0775. ; create mask = 0700 # Directory creation mask is set to 0700 for security reasons. If you want to # create dirs. with group=rw permissions, set next parameter to 0775. ; directory mask = 0700 # By default, \\server\username shares can be connected to by anyone # with access to the samba server. Un-comment the following parameter # to make sure that only "username" can connect to \\server\username # The following parameter makes sure that only "username" can connect # # This might need tweaking when using external authentication schemes ; valid users = %S # Un-comment the following and create the netlogon directory for Domain Logons # (you need to configure Samba to act as a domain controller too.) ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; read only = yes # Un-comment the following and create the profiles directory to store # users profiles (see the "logon path" option above) # (you need to configure Samba to act as a domain controller too.) # The path below should be writable by all users so that their # profile directory may be created the first time they log on ;[profiles] ; comment = Users profiles ; path = /home/samba/profiles ; guest ok = no ; browseable = no ; create mask = 0600 ; directory mask = 0700 #[printers] # comment = All Printers # browseable = no # path = /var/spool/samba # printable = yes # guest ok = no # read only = yes # create mask = 0700 # Windows clients look for this share name as a source of downloadable # printer drivers #[print$] # comment = Printer Drivers # path = /var/lib/samba/printers # browseable = yes # read only = yes # guest ok = no # Uncomment to allow remote administration of Windows print drivers. # You may need to replace 'lpadmin' with the name of the group your # admin users are members of. # Please note that you also need to set appropriate Unix permissions # to the drivers directory for these users to have write rights in it ; write list = root, @lpadmin # A sample share for sharing your CD-ROM with others. ;[cdrom] ; comment = Samba server's CD-ROM ; read only = yes ; locking = no ; path = /cdrom ; guest ok = yes # The next two parameters show how to auto-mount a CD-ROM when the # cdrom share is accesed. For this to work /etc/fstab must contain # an entry like this: # # /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0 # # The CD-ROM gets unmounted automatically after the connection to the # # If you don't want to use auto-mounting/unmounting make sure the CD # is mounted on /cdrom # ; preexec = /bin/mount /cdrom ; postexec = /bin/umount /cdrom [homes] comment = Home Directories valid users = %S read only = No browseable = No # path = /data/samba/home/%u [netlogon] comment = Network Logon Service path = /data/samba/netlogon admin users = root guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share # would probably change this to elsewhere in a production system .. path = /data/samba/profiles read only = No profile acls = Yes browsable = No [test-share] comment = FU path = /data/test valid users = @test1 admin users = @test2 browsable = Yes writeable = yesDakujem
Řešení dotazu:
HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOrSeal = 1 DWORD RequireStrongKey = 1a vyskytla sa nova chyba! Po uspesnom pridani pocitaca do domeny (a restarte) windows po pokuse o prihlasenie do domeny "there are currently no logon servers available to service the logon request" smb log
[2012/05/28 18:22:48.127657, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/05/28 18:22:48.130438, 2] auth/token_util.c:479(finalize_local_nt_token) WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gidsaku ulohu tu hra winbind? Predtym na XP stanici sa mi podarilo prihlasit aj bez toho aby som ho instaloval.
# Global parameters [global] workgroup = MELOUNY netbios name = HRACH security = user enable privileges = yes interfaces = eth0, lo username map = /etc/samba/smbusers server string = hrach Samba #security = ads encrypt passwords = Yes #pam password change = no obey pam restrictions = No # method 2: unix password sync = yes ldap passwd sync = no passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n" log level = 0 syslog = 0 log file = /var/log/samba/log.%U max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 ; Dos charset = 850 ; Unix charset = LOCALE logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com" passdb backend = ldapsam:"ldap://127.0.0.1/" ldap admin dn = cn=admin,dc=melouny,dc=eu ldap ssl = Off ldap suffix = dc=melouny,dc=eu ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers #ldap idmap suffix = ou=Idmap add user script = /usr/sbin/smbldap-useradd -m "%u" #ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # printers configuration load printers = Yes create mask = 0640 directory mask = 0750 #force create mode = 0640 #force directory mode = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable nt acl support = yes invalid users = secur # next line is a great way to secure the profiles #force user = %U # next line allows administrator to access all profiles #valid users = %U "Domain Admins" [printers] comment = Network Printers path = /var/spool/samba browseable = No guest ok = yes read only = Yes printable = Yes use client driver = Yes [print$] path = /home/printers guest ok = No browseable = Yes read only = Yes valid users = @"Print Operators" write list = @"Print Operators" create mask = 0664 directory mask = 0775 [homes] comment = Home Directories valid users = %S read only = No browseable = No [public] comment = testACL path=/home/public guest ok = yes read only = No browseable = yes create mode = 0664 directory mask = 0775 nt acl support = yes [securdata] comment = Uctujeme path=/home/Nehoda read only = no create mask = 0660 directory mask = 0770 force group = securg browseable = Yes guest ok = Yes valid users = @securg,secur,spravce nt acl support = yes
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] "DNSNameResolutionRequired"=dword:00000000 "DomainCompatibilityMode"=dword:00000001Pak vidí doménu a můžou se přihlásit.
Tiskni Sdílej: