Samba winbind authentication for login and sudo
paul.a.bolton at bt.com
paul.a.bolton at bt.com
Fri Aug 28 15:19:21 UTC 2015
> -----Original Message-----
> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
>
> On Fri, Aug 28, 2015 at 12:28:51PM +0000, paul.a.bolton at bt.com wrote:
> >
> > The key one I'm looking at now is being able to authenticate the user
> > via winbind using non-Unix enabled groups, both for login and for 'sudo'
> > commands yet still map the user's profile to an rfc2307 compliant (and
> > consistent) mapping of UIDs and GIDs for those groups that are so
enabled.
>
> pam_winbind has the require_membership_of option using which you can
> restrict successful login to a list of SIDs. Only if a user is member in
one of
> those groups pam login will succeed. Is that a start for you?
I'm pretty sure that when I tried this it failed unless the group was
unix-enabled.
>
> With best regards,
>
> Volker Lendecke
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816,
> GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8338 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150828/49b67dcb/smime.bin>
More information about the samba-technical
mailing list