[Samba] locking down ssh when using winbind

Luv Linux luvlinux2009 at gmail.com
Wed Sep 16 17:13:54 MDT 2009

Hi all,

I'm using samba with winbind which has been integrated with Active
In the smb.conf file, I have
template shell = /bin/bash
winbind use default domain = yes

to allow ssh but I don't want all the domain users to be able to ssh.

Is there a way to only allow (for example) domain\ssh_group, which is an
Active Directory group, to be able to ssh into the server?

This is my current pam.d/sshd file:
auth       required     pam_nologin.so
auth       sufficient     pam_stack.so service=system-auth
auth       sufficient   pam_winbind.so
account    sufficient     pam_stack.so service=system-auth
account    sufficient   pam_winbind.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
