[Samba] Restricting logins using pam_winbind require_membership_of ?
TAKAHASHI Motonobu
monyo at monyo.com
Mon Jun 20 11:35:51 MDT 2011
On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi.
>
> I have some shares on a server that are offered to specific Active Directory
> user groups, but the business doesn't want those users to be able to login
> to the server. If I were to add "require_membership_of" to pam_winbind to
> limit logins and shut out the users I don't want, would it also have the
> side effect of denying those users access to the shares as well?
From: John McNulty <johnmcn1 at gmail.com>
Date: Mon, 20 Jun 2011 10:50:45 +0100
> The user accounts exist in Active Directory and we're using the rfc2307
> schema. So the shell is set in AD. I cannot change the shell to /bin/false
> or that would affect all the other servers they login to.
I see. You may manage local login with the facility of PAM, for
example pam_access, pam_listfile or others...
---
TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
http://damedame.monyo.com/ / http://facebook.com/monyot
More information about the samba
mailing list