[Samba] Looking for AIX Users of Winbind -- Authorization and SSHProblems

Matt Delves m.delves at ballarat.edu.au
Thu Nov 12 16:05:29 MST 2009

>>> On 13/11/2009 at 9:54 am, Kevin Newman <kevinjnewman at gmail.com> wrote:
> 2. Authorization (e.g., who can log into the box ... NOT just all of AD).
> I'm pretty good at configuring Winbind on Linux, and on Linux there's a
> pam_winbind.conf file that I usually use to lock down the box to specific AD
> users or groups -- I use the require_membership_of line and it works just
> fine.  Unfortunately,  I don't see any pam_winbind.conf file in AIX by
> default.  I've tried placing it in /etc/security/ or in other locations, but
> it doesn't seem to be used.  I've also tried adding pam_winbind lines to the
> /etc/pam.conf and manually adding the "require_membership_of" after the
> stanza, like so:
> telnet  account required        /usr/lib/security/pam_winbind.so
> require_membership_of=someGroup

How I use winbind to lock down group membership is by using the /etc/security/access.conf file and to restrict the groups who can log in. This does mean you will have to use the pam_access module as well. This works quite well for me under Linux and may (I stress may as I haven't worked with AIX) provide a solution under AIX.

Hope this helps.

Matt Delves

More information about the samba mailing list