[Samba] Restricting logins using pam_winbind require_membership_of ?

TAKAHASHI Motonobu monyo at monyo.com
Mon Jun 20 11:35:51 MDT 2011

On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi.
> I have some shares on a server that are offered to specific Active Directory
> user groups, but the business doesn't want those users to be able to login
> to the server.  If I were to add "require_membership_of"  to pam_winbind to
> limit logins and shut out the users I don't want, would it also have the
> side effect of denying those users access to the shares as well?

From: John McNulty <johnmcn1 at gmail.com>
Date: Mon, 20 Jun 2011 10:50:45 +0100

> The user accounts exist in Active Directory and we're using the rfc2307
> schema.  So the shell is set in AD.  I cannot change the shell to /bin/false
> or that would affect all the other servers they login to.

I see. You may manage local login with the facility of PAM, for
example pam_access, pam_listfile or others...

TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
  http://damedame.monyo.com/ / http://facebook.com/monyot

More information about the samba mailing list