[Samba] Winbind Auth - prevent some users from logging on
Jeremy Allison
jra at samba.org
Wed Feb 3 16:20:28 MST 2010
On Wed, Feb 03, 2010 at 04:11:02PM -0700, Eddy Sturg wrote:
> Hey folks,
>
> New to the list - and I hope this isn't a dumb question.
>
> I am in the process of revamping the way we authenticate to our Linux
> servers. Moving away from pam_ldap and pam_nss, in favor of winbind and
> pam_nss. The reason for this is that I feel winbindd does a better job of
> failing over from a unavailable authentication server than pam_ldap.
>
> In any case - I have it all working well on CentOS 5.4, but my only delimma
> is how to prevent unwanted users from logging onto servers. Using pam_ldap
> we would use the pam_filter option in ldap.conf to define who we wanted to
> allow to login using an LDAP attribute.
>
> Is there a setting in smb.conf or some other winbind mechanism for defining
> who is allowed to login?
>
> Note - this should include not only console, but ssh and any other service
> that uses the system-auth PAM.
Doesn't pam_listfile do what you want ?
http://www.cyberciti.biz/tips/howto-deny-allow-linux-user-group-login.html
No dependencies on Samba.
Jeremy.
More information about the samba
mailing list