From: Fajar P. <faj...@ar...> - 2012-05-22 05:29:42
|
Hi all, As usual, webmin 1.580 on Centos 5.8 Currently the Samba has "Account Lockout" Policy activated. So, when user tries to access the samba share with wrong password 5 times, the account will be locked out. Currently the situation is I can unlock the account either: - Removing the tick mark on Account is locked thru webmin, or - Run this command: pdbedit -z -u $username && pdbedit -c "[]" $username Can we grant user to do that from Webmin? Currently if I give the user access to "Samba Windows File Sharing > Can Edit and View Samba User Database", he can mess around with other users too. Can we make it so that he can only view and edit his Samba account only? Thank you in advance as always :) -- http://linux3.arinet.org |
From: Jamie C. <jca...@we...> - 2012-05-22 18:05:42
|
On 21/May/2012 22:29 Fajar Priyanto <faj...@ar...> wrote .. > Hi all, > As usual, webmin 1.580 on Centos 5.8 > > Currently the Samba has "Account Lockout" Policy activated. > So, when user tries to access the samba share with wrong password 5 > times, the account will be locked out. > > Currently the situation is I can unlock the account either: > - Removing the tick mark on Account is locked thru webmin, or > - Run this command: > pdbedit -z -u $username && pdbedit -c "[]" $username > > Can we grant user to do that from Webmin? > Currently if I give the user access to "Samba Windows File Sharing > > Can Edit and View Samba User Database", he can mess around with other > users too. > Can we make it so that he can only view and edit his Samba account only? > > Thank you in advance as always :) One way you could do this is by creating a button in the Custom Commands module that runs that pdbedit command, but with $BASE_REMOTE_USER instead of $username . Then you can create Webmin users who have access only to the custom commands module, and only permissions to click that one button (and not edit it). Using webmin groups should make this easier, or you can grant all members of some Unix group permission to login to Webmin .. - Jamie |
From: Fajar P. <faj...@ar...> - 2012-06-05 05:40:56
|
On Wed, May 23, 2012 at 2:05 AM, Jamie Cameron <jca...@we...> wrote: > On 21/May/2012 22:29 Fajar Priyanto <faj...@ar...> wrote .. >> Hi all, >> As usual, webmin 1.580 on Centos 5.8 >> >> Currently the Samba has "Account Lockout" Policy activated. >> So, when user tries to access the samba share with wrong password 5 >> times, the account will be locked out. >> >> Currently the situation is I can unlock the account either: >> - Removing the tick mark on Account is locked thru webmin, or >> - Run this command: >> pdbedit -z -u $username && pdbedit -c "[]" $username >> >> Can we grant user to do that from Webmin? >> Currently if I give the user access to "Samba Windows File Sharing > >> Can Edit and View Samba User Database", he can mess around with other >> users too. >> Can we make it so that he can only view and edit his Samba account only? >> >> Thank you in advance as always :) > > One way you could do this is by creating a button in the Custom Commands > module that runs that pdbedit command, but with $BASE_REMOTE_USER > instead of $username . Then you can create Webmin users who have access > only to the custom commands module, and only permissions to click that > one button (and not edit it). > > Using webmin groups should make this easier, or you can grant all members > of some Unix group permission to login to Webmin .. > Hi Jamie, Sorry for the late reply. I've created the custom command. /usr/bin/pdbedit -z -u $BASE_REMOTE_USER && /usr/bin/pdbedit -c "[]" -u $BASE_REMOTE_USER But it says: Output from /usr/bin/pdbedit -z -u $BASE_REMOTE_USER && /usr/bin/pdbedit -c "[]" -u $BASE_REMOTE_USER .. Username not specified! (use -u option) I try to create command: echo $BASE_REMOTE_USER but nothing is returned. What do I do wrong? Thank you. Fajar. -- http://linux3.arinet.org |
From: Jamie C. <jca...@we...> - 2012-06-05 08:57:51
|
On 04/Jun/2012 22:40 Fajar Priyanto <faj...@ar...> wrote .. > On Wed, May 23, 2012 at 2:05 AM, Jamie Cameron <jca...@we...> wrote: > > On 21/May/2012 22:29 Fajar Priyanto <faj...@ar...> wrote .. > >> Hi all, > >> As usual, webmin 1.580 on Centos 5.8 > >> > >> Currently the Samba has "Account Lockout" Policy activated. > >> So, when user tries to access the samba share with wrong password 5 > >> times, the account will be locked out. > >> > >> Currently the situation is I can unlock the account either: > >> - Removing the tick mark on Account is locked thru webmin, or > >> - Run this command: > >> pdbedit -z -u $username && pdbedit -c "[]" $username > >> > >> Can we grant user to do that from Webmin? > >> Currently if I give the user access to "Samba Windows File Sharing > > >> Can Edit and View Samba User Database", he can mess around with other > >> users too. > >> Can we make it so that he can only view and edit his Samba account only? > >> > >> Thank you in advance as always :) > > > > One way you could do this is by creating a button in the Custom Commands > > module that runs that pdbedit command, but with $BASE_REMOTE_USER > > instead of $username . Then you can create Webmin users who have access > > only to the custom commands module, and only permissions to click that > > one button (and not edit it). > > > > Using webmin groups should make this easier, or you can grant all members > > of some Unix group permission to login to Webmin .. > > > > Hi Jamie, > Sorry for the late reply. > I've created the custom command. > /usr/bin/pdbedit -z -u $BASE_REMOTE_USER && /usr/bin/pdbedit -c "[]" > -u $BASE_REMOTE_USER > > But it says: > Output from /usr/bin/pdbedit -z -u $BASE_REMOTE_USER && > /usr/bin/pdbedit -c "[]" -u $BASE_REMOTE_USER .. Username not > specified! (use -u option) > > I try to create command: > echo $BASE_REMOTE_USER > but nothing is returned. > > What do I do wrong? My mistake .. you should use $REMOTE_USER instead. |
From: Fajar P. <faj...@ar...> - 2012-06-05 10:13:43
|
On Tue, Jun 5, 2012 at 4:57 PM, Jamie Cameron <jca...@we...> wrote: >> >> Currently the situation is I can unlock the account either: >> >> - Removing the tick mark on Account is locked thru webmin, or >> >> - Run this command: >> >> pdbedit -z -u $username && pdbedit -c "[]" $username >> I try to create command: >> echo $BASE_REMOTE_USER >> but nothing is returned. >> >> What do I do wrong? > > My mistake .. you should use $REMOTE_USER instead. Thanks a lot Jamie. It works :) Btw, where can I see a list of Webmin variables? -- http://linux3.arinet.org |
From: Jamie C. <jca...@we...> - 2012-06-05 11:08:37
|
On 05/Jun/2012 03:13 Fajar Priyanto <faj...@ar...> wrote .. > On Tue, Jun 5, 2012 at 4:57 PM, Jamie Cameron <jca...@we...> wrote: > >> >> Currently the situation is I can unlock the account either: > >> >> - Removing the tick mark on Account is locked thru webmin, or > >> >> - Run this command: > >> >> pdbedit -z -u $username && pdbedit -c "[]" $username > > >> I try to create command: > >> echo $BASE_REMOTE_USER > >> but nothing is returned. > >> > >> What do I do wrong? > > > > My mistake .. you should use $REMOTE_USER instead. > > Thanks a lot Jamie. It works :) > Btw, where can I see a list of Webmin variables? Create a custom command to run "env" |