[Samba] winbind and AD disabled accounts
JM
coil93 at gmail.com
Fri Jan 15 13:04:56 UTC 2016
Hi,
Is there any way for winbind to ignore AD disabled accounts, like an LDAP
filter does? "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))"
with the following settings.

/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind

/etc/pam.d/common-auth
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so

Winbind lookup does not recognize an AD disabled account's status.
Regards,
Juri