[Samba] LDAP, checkpwnam and PDC

Ben Wheare samba-users at bwgames.net
Mon Dec 4 17:28:41 GMT 2006


I'm trying to set up a Samba PDC with an LDAP backend.
I experienced problems joining machines to domains, the machine account 
was created, but Windows said user name cannot be found.
I resolved this by adding ldap to /etc/nsswitch.conf, but this has the 
side effect of allowing ldap users to login to the server via SSH.
Whilst I can understand the need for LDAP users to be accessible to the 
system, i.e. checkpwnam etc for permisisons, I don't want users to be 
able to login to anywhere except the client Windows 2000/XP boxes.

People (only 3) who can login via SSH already have "real" user accounts 
in /etc/passwd etc.

Is there a way to stop this being allowed?


More information about the samba mailing list