[Samba] help with winbind and groups
Terry
td3201 at gmail.com
Fri Jul 10 22:34:35 MDT 2009
Hello,
I have winbind working well out of the box. However, I am having
problems with using groups to restrict ssh access to the box. I have
a feeling there are some tricks that I haven't thought of yet.
Here is the relevant parts of smb.conf:
workgroup = FOO
password server = server.foo.local
realm = FOO.LOCAL
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = no
winbind offline logon = false
winbind enum users = no
winbind enum groups = yes
winbind separator = +
1. 'getent group' works and shows this group (yes, it is a different
domain through a trust):
NARF+tdtest:*:10521:NARF+joe_jel
2. I have this in sshd_config:
AllowGroups root NARF+tdtest
This works great! I can log in with NARF+joe_jel via ssh and life is
good. However, I have a whole bunch of groups in AD that have spaces
in them. I can see them fine in a 'getent group'. However, how can I
restrict ssh access using these groups? I have tried quoting them in
sshd_config but no luck. Any tricks here?
Thanks!
More information about the samba
mailing list