[Samba] restrict ssh login by Win2K AD group SOLVED!
Don Meyer
dlmeyer at uiuc.edu
Tue Sep 19 19:33:57 GMT 2006
At 02:19 PM 9/19/2006, Matt Herzog wrote:
>It is that simple. Of course I'd like to have more than one group be able to
>login so I'll dig into that presently.
Create an AD group specifically for restricting ssh access -- "ssh
access" or some such name.
Then add the multiple AD groups to this group. Winbind should do
the magic beyond this point.
Adjust your pam_succeed_if.so line for this new gid once it
propagates through winbind, and you should be all set...
Cheers,
-D
Don Meyer <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759
More information about the samba
mailing list