[Samba] Looking for AIX Users of Winbind -- Authorization and SSHProblems
Matt Delves
m.delves at ballarat.edu.au
Thu Nov 12 16:05:29 MST 2009
>>> On 13/11/2009 at 9:54 am, Kevin Newman <kevinjnewman at gmail.com> wrote:
> 2. Authorization (e.g., who can log into the box ... NOT just all of AD).
> I'm pretty good at configuring Winbind on Linux, and on Linux there's a
> pam_winbind.conf file that I usually use to lock down the box to specific AD
> users or groups -- I use the require_membership_of line and it works just
> fine. Unfortunately, I don't see any pam_winbind.conf file in AIX by
> default. I've tried placing it in /etc/security/ or in other locations, but
> it doesn't seem to be used. I've also tried adding pam_winbind lines to the
> /etc/pam.conf and manually adding the "require_membership_of" after the
> stanza, like so:
>
> telnet account required /usr/lib/security/pam_winbind.so
> require_membership_of=someGroup
>
How I use winbind to lock down group membership is by using the /etc/security/access.conf file and to restrict the groups who can log in. This does mean you will have to use the pam_access module as well. This works quite well for me under Linux and may (I stress may as I haven't worked with AIX) provide a solution under AIX.
Hope this helps.
Thanks,
Matt Delves
More information about the samba
mailing list