[Samba] LDAP, checkpwnam and PDC

Carlos Eduardo Pedroza Santiviago segfault at core-dumped.org
Mon Dec 4 17:59:17 GMT 2006


On 12/4/06, Ben Wheare <samba-users at bwgames.net> wrote:
> Hiya,
> I'm trying to set up a Samba PDC with an LDAP backend.
> I experienced problems joining machines to domains, the machine account
> was created, but Windows said user name cannot be found.
> I resolved this by adding ldap to /etc/nsswitch.conf, but this has the
> side effect of allowing ldap users to login to the server via SSH.
> Whilst I can understand the need for LDAP users to be accessible to the
> system, i.e. checkpwnam etc for permisisons, I don't want users to be
> able to login to anywhere except the client Windows 2000/XP boxes.
> People (only 3) who can login via SSH already have "real" user accounts
> in /etc/passwd etc.
> Is there a way to stop this being allowed?

Check your sshd (/etc/ssh/sshd_config) configuration, specially the
AllowUsers and/or AllowGroups options.

Carlos Eduardo Pedroza Santiviago

More information about the samba mailing list