[Samba] Question about pam_winbind

Fawzib Rojas f_rojas at spectron-msim.com
Wed Oct 26 17:55:40 GMT 2005


I was looking at the documentation at samba.org and it says the following:

require_membership_of=[SID or NAME]

If this option is set, pam_winbind will only succeed if the user is a 
member of the given SID or NAME. A SID can be either a group-SID, an 
alias-SID or even a user-SID. It is also possible to give a NAME instead 
of the SID. That name must have the form: MYDOMAIN\mygroup or 
MYDOMAIN\myuser. pam_winbind will, in that case, look up the SID 
internally. Note that NAME may not contain any spaces. It is thus 
recommended to only use SIDs. You can verify the list of SIDs a user is 
a member of with wbinfo --user-sids=SID.

I want to only allow access to a certain group 'Domain Power Users', so 
it seems I have to do the following:
    a) wbinfo -name-to-sid="domain power users", which gives me the group's SID
    b) add the parameter 'require_membership_of=<SID>'
    c) restart samba

I did this but it isn't working. Can somebody help me with this? What am 
I doing wrong? BTW I'm using Samba 3.0.14 (Ubuntu).
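
Added example (not part of the original post and not Samba code): a small checker for the value format the quoted documentation describes, plus an exact-match membership test against the SID list a user belongs to. The function names, the sample SIDs and the "SID first on each line" output layout are assumptions made for the illustration.

```python
import re

# SID string syntax: S-1-<authority>-<subauthority>[-<subauthority>...]
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# NAME form given in the quoted documentation: MYDOMAIN\mygroup, no spaces.
NAME_RE = re.compile(r"[^\\\s]+\\[^\\\s]+")


def classify(value):
    """Classify a require_membership_of value as 'sid', 'name' or 'invalid'."""
    if SID_RE.fullmatch(value):
        return "sid"
    if NAME_RE.fullmatch(value):
        return "name"
    return "invalid"  # e.g. a NAME that contains spaces


def parse_sids(text):
    """Collect SIDs from wbinfo-style output (assumed: SID leads each line)."""
    sids = set()
    for line in text.splitlines():
        fields = line.split()
        if fields and SID_RE.fullmatch(fields[0]):
            sids.add(fields[0])
    return sids


def is_member(required, user_sids_text):
    """True only if the required SID appears exactly in the user's SID list."""
    if classify(required) != "sid":
        raise ValueError("not a SID: %r" % required)
    return required in parse_sids(user_sids_text)


# Constructed sample data, not output from a real domain.
GROUP_LOOKUP = "S-1-5-21-1111111111-2222222222-3333333333-1105 Domain Group (2)"
USER_SIDS = """\
S-1-5-21-1111111111-2222222222-3333333333-1001
S-1-5-21-1111111111-2222222222-3333333333-513
S-1-5-21-1111111111-2222222222-3333333333-1105
"""

if __name__ == "__main__":
    print(classify(r"MYDOMAIN\Domain Power Users"))  # NAME with spaces
    required = sorted(parse_sids(GROUP_LOOKUP))[0]
    print(classify(required), is_member(required, USER_SIDS))
```

The comparison is on whole SIDs, so a SID that is only a prefix of one in the list (a RID of 110 against 1105) does not count as a match, which a plain substring search would get wrong.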