Windows AD users are not able access samba share whereas few user can access it

smb.conf [global] security = ADS workgroup = EUCARRIER realm = EU.CARRIER.UTC.COM client use spnego = yes server signing = auto server string = Samba Server winbind enum users = yes winbind enum groups = yes winbind use default domain = yes

idmap config * : backend = tdb idmap config * : range = 10000-20000  template shell = /bin/bash log file = /var/log/samba/log.%m max log size = 50 load printers = no 

[scanin2] path = /data2/scan/in2 valid users = +”EUCARRIER\fr_mtl_carrier_user” public = yes browseable = yes printable = no comment = scanFolderFromMFD writeable = yes guest ok = no hosts allow = 172.30.

Incident response to a medium scale phishing attack whereas the targets are not from our company?

Our company suffered a phishing attack yesterday. While investigating about the attacker and the potential employees of ours who might have been phished, we ended up with the attacker database of phished users.

This database include user email and passwords (~40) from multiple companies (~10) who seems to be sharing the same phishing attack as us. Moreover, it seems that the target are high profile.

So far, here is what we have been accomplishing :

  • Contact targeted companies and list phished users
  • Contact websites where the phishing attack is happening (it is happening on multiple hacked websites so it’s hard to stop it)

However, we’re not sure this is the best way to deal with the following situation, here is why :

  • More and more users still enter their credentials and this is not our role to secure other companies users and we would like to stop wasting time on this (most of the companies following up to our email or calling us asking for more details).

  • We are worried that some companies (targeted companies being in the same industry as us) might not understand us well and think we are in some way associated to that phishing attack because we are one of their competitors

  • We are doing security for our competitors (so we’re spending money for them)

One solution could be to publish a blog post but it has downsides too such as being seen as a toxic player because we would be pointing fingers at our competitors security. Another solution would be not to contact this companies and let them get compromised.

What would be the best way to react to this phishing attack ?

Toggling an interface causes static ipv6 address to be deleted whereas ipv4 address stays. How to make ipv6 address also stay?

I’m working with kernel 2.6.32. I have set a static ipv4 and ipv6 address on my machine.

ifconfig eth1 eth1      Link encap:Ethernet  HWaddr 00:50:56:AB:8D:A1           inet addr:10.5.175.254  Bcast:10.5.255.255  Mask:255.255.128.0           inet6 addr: 2011:1::/32 Scope:Global           inet6 addr: fe80::250:56ff:feab:8da1/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:4470 errors:0 dropped:2 overruns:0 frame:0           TX packets:22237 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:100           RX bytes:235138 (229.6 KiB)  TX bytes:1389682 (1.3 MiB) 

After that I toggled the interface

ip link set dev eth1 down ip link set dev eth1 up 

Then the output

ifconfig eth1 eth1      Link encap:Ethernet  HWaddr 00:50:56:AB:8D:A1           inet addr:10.5.175.254  Bcast:10.5.255.255  Mask:255.255.128.0           inet6 addr: fe80::250:56ff:feab:8da1/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:4470 errors:0 dropped:2 overruns:0 frame:0           TX packets:22240 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:100           RX bytes:235138 (229.6 KiB)  TX bytes:1389940 (1.3 MiB) 

How do I make the ipv6 comeback like the ipv4 ?

There is a solution in the newer kernels https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1218442

I’m looking if there is a solution or a workaround to make it work for 2.6.32 kernel.

A fresh Win10 installation doesnt see neither printer nor NAS, whereas original one does

My laptop (ZBook 15 G4) came with 1 drive with Win10 (lets call it Installation A) on it. I installed another SSD and put a fresh Win10 on it(installation B). I was planning to format the original drive to put Linux on it, but didnt get to it yet. So right now I have 2 drives, both with separate Win10 Pro 1803 on them. Pretty identical, one would think.

The problem: Installation A sees the NAS on my router (FritzBOX 5490) and the wireless printer(without installing any drivers first). Installation B doesnt see any of those plus I cannot access my router’s interface, neither by typing its IP adress nor by using the “adress” fritz.box. Both methods work on installation A and on other devices.

What I tried: Followed a few guides that did what worked for them in similar cases, like installing “Support for SMB 1.0/CIFS” and activated several services. If its relevant, I will edit the exact names in.

What I suspect: Maybe I missed a driver? What other difference is there between an OS installed by HP/vendor to a “self-installed”? That used the newest WiFi drivers from Intel’s site rather the ones from the model-specific collection?

Any other ideas?