[Samba] Locking SAMBA accounts with LDAP backend
Michael Starling
mlstarling31 at hotmail.com
Tue Jul 12 08:26:17 MDT 2011
Thanks for the reply. This is what my system-auth looks like now:
Where would you suggest I place the auth pam_winbind.so statement?
auth required pam_env.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel umask=0027
> Date: Tue, 12 Jul 2011 23:20:21 +0900
> To: mlstarling31 at hotmail.com
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Locking SAMBA accounts with LDAP backend
> From: monyo at monyo.com
>
> From: Michael Starling <mlstarling31 at hotmail.com>
> Date: Sun, 10 Jul 2011 08:18:52 -0400
>
> > Hello. Is it possible to have SAMBA respect PAM so that when an LDAP
> > account gets locked out the SAMBA account simultaneously gets
> > locked out as well?
>
> As far as I examined on Samba 3.5.6 on Lenny, to set
>
> -----
> auth pam_winbind.so
> -----
>
> and "obey pam restrictions = yes", then the locked user cannot logon
> to Samba server.
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
>
>
>
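Added example, not part of the original thread: a Python check that parses a PAM stack and an smb.conf and reports whether the two settings named in the reply are present, and which "sufficient" auth modules sit ahead of pam_winbind.so. The sample inputs are constructed; the "required" flag and the position of pam_winbind.so in the sample are assumptions, as are the function names.

```python
import re

# Constructed samples: the auth lines from the post, plus pam_winbind.so added
# with an assumed "required" flag and an assumed position; smb.conf is made up.
PAM_SAMPLE = """\
auth required pam_env.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_winbind.so
auth required pam_deny.so
"""
SMB_SAMPLE = "[global]\n  security = user\n  Obey PAM Restrictions = Yes\n"

def parse_pam(text):
    """Return (type, control, module, args) for each well-formed PAM line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # control is either a keyword or a bracketed [value=action ...] list
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            kind, control, module, args = m.groups()
            entries.append((kind.lstrip("-"), control, module.rsplit("/", 1)[-1], args))
    return entries

def smb_global_bool(text, name):
    """Read a boolean from [global]; Samba ignores case and spaces in names."""
    want, section, value = name.replace(" ", "").lower(), None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if key.replace(" ", "").lower() == want:
                value = val.strip().lower() in ("yes", "true", "on", "1")
    return value  # None when the parameter is not set

def check(pam_text, smb_text):
    auth = [e for e in parse_pam(pam_text) if e[0] == "auth"]
    mods = [e[2] for e in auth]
    idx = mods.index("pam_winbind.so") if "pam_winbind.so" in mods else 0
    return {
        "winbind_in_auth": "pam_winbind.so" in mods,
        # a "sufficient" success (with no earlier required failure) ends the
        # auth stack at once, so modules listed after it are never called
        "sufficient_before_winbind": [e[2] for e in auth[:idx] if e[1] == "sufficient"],
        "obey_pam_restrictions": smb_global_bool(smb_text, "obey pam restrictions"),
    }
```

A non-empty "sufficient_before_winbind" list means those modules can return success before pam_winbind.so is consulted.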