R: Using winbind to filter ssh or su logins?

Diego Zuccato diego.zuccato at unibo.it
Tue Feb 3 11:10:45 GMT 2009

>>> Given up hope to have login by upn, I'm now facing another 
Well, not completly... If someone have any ideas... :-)
>>> problem: is it possible to have an AD group that
>>> "filters" users that can use su (like pam_wheel) ?
>> What the pam module that supports options like
>> "useringroup=DOMAIN\DOmain admins"?  Can' rmember the name but
>> I used to use it a lot....
>> It's pam_succeed_if.  I remember now.
ARGH! I missed it :-(
Tks. It works. Took a bit to understand that I had to use use_uid and the converted form of the group name.

> You could also use the require-membership-of if using
> pam_winbind for auth.
Tried it, but it works only when credentials are available (I'm using it 
to filter out non-department people). For "su" it complains that the 
pass is not available and gives up. pam_succeed_if is the right one, here.

Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it 

More information about the samba-technical mailing list