[Samba] restrict ssh login by Win2K AD group SOLVED!

Don Meyer dlmeyer at uiuc.edu
Tue Sep 19 19:33:57 GMT 2006

At 02:19 PM 9/19/2006, Matt Herzog wrote:
>It is that simple. Of course I'd like to have more than one group be able to
>login so I'll dig into that presently.

Create an AD group specifically for restricting ssh access -- "ssh 
access" or some such name.

Then add the multiple AD groups to this group.   Winbind should do 
the magic beyond this point.

Adjust your pam_succeed_if.so line for this new gid once it 
propagates through winbind, and you should be all set...


Don Meyer                                           <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 
temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 

More information about the samba mailing list