[Samba] Restrict users from logging in: winbind
Matthew J. Salerno
vagabond_king at yahoo.com
Mon Nov 2 13:43:44 MST 2009
I have my Red Hat 5.4 Linux server fully integrated into my company's AD. The biggest issue I have is that I am using a rid backend, which means that anyone with an AD account can log into the server. So my question is, how can I restrict server login via AD groups? I have tried using pam with pam_listfile, but for some reason it does not work; I keep getting errors about sshd refusing the user. I can use this config for su restrictions but not logins.
I keep getting the following error in /var/log/secure:
pam_listfile(sshd:auth): Refused user DOMAIN+user for service sshd
Does anyone have a working config I could model mine against?
Thanks
/etc/security/loginauthgrp
wheel
root
DOMAIN+operations
/etc/pam.d/system-auth (Very first line)
auth required pam_listfile.so item=group sense=allow file=/etc/security/loginauthgrp.allow onerr=fail
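
A diagnostic for the rule posted above, added here as an example and not part of the original message: it reads the `file=` path named on a `pam_listfile.so` line and reports, per listed group, whether NSS resolves it and whether the user belongs to it. The function names are hypothetical, and it assumes membership means the group is the user's primary group or lists the user as a member.

```python
import grp
import pwd
import shlex


def parse_listfile_args(pam_line):
    """Return the key=value options of a pam_listfile.so line as a dict."""
    tokens = shlex.split(pam_line)
    if not any(t.endswith("pam_listfile.so") for t in tokens):
        raise ValueError("not a pam_listfile line")
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def user_in_group(user, group, getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam):
    """True/False for membership; None if user or group does not resolve."""
    try:
        pw, gr = getpwnam(user), getgrnam(group)
    except KeyError:
        return None  # name is unknown to NSS (e.g. winbind cannot map it)
    # Assumption: member = primary group matches, or user is in the member list.
    return pw.pw_gid == gr.gr_gid or user in gr.gr_mem


def check(pam_line, user, **lookups):
    """Explain what an item=group sense=allow rule would decide for user."""
    opts = parse_listfile_args(pam_line)
    if opts.get("item") != "group" or opts.get("sense") != "allow":
        raise ValueError("only item=group sense=allow is handled here")
    try:
        with open(opts["file"]) as fh:
            groups = [ln.strip() for ln in fh if ln.strip()]
    except OSError as exc:
        # An unreadable file makes the module fall back to its onerr= setting.
        return {"file_error": str(exc), "onerr": opts.get("onerr", "fail"),
                "allowed": opts.get("onerr") == "succeed"}
    results = {g: user_in_group(user, g, **lookups) for g in groups}
    return {"file": opts["file"], "groups": results,
            "allowed": any(v is True for v in results.values())}


if __name__ == "__main__":
    # The PAM line and user name are the ones quoted in the post.
    line = ("auth required pam_listfile.so item=group sense=allow "
            "file=/etc/security/loginauthgrp.allow onerr=fail")
    print(check(line, "DOMAIN+user"))
```

A `None` next to a group means the name in the list file did not resolve at all, which is a different condition from resolving and not containing the user.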