[Samba] Restricting logins using pam_winbind require_membership_of ?

John McNulty johnmcn1 at gmail.com
Wed Jun 22 02:10:52 MDT 2011


pam_access actually worked very well and is the most powerful / flexible of
all the choices, so that's the one I'm going with.

Thanks to everyone who replied.

John


On 20 June 2011 18:35, TAKAHASHI Motonobu <monyo at monyo.com> wrote:

> On 06/17/2011 12:28 PM, John McNulty wrote:
> > Hi.
> >
> > I have some shares on a server that are offered to specific Active
> Directory
> > user groups, but the business doesn't want those users to be able to
> login
> > to the server.  If I were to add "require_membership_of"  to pam_winbind
> to
> > limit logins and shut out the users I don't want, would it also have the
> > side effect of denying those users access to the shares as well?
>
> From: John McNulty <johnmcn1 at gmail.com>
> Date: Mon, 20 Jun 2011 10:50:45 +0100
>
> > The user accounts exist in Active Directory and we're using the rfc2307
> > schema.  So the shell is set in AD.  I cannot change the shell to
> /bin/false
> > or that would affect all the other servers they login to.
>
> I see. You may manage local login with the facility of PAM, for
> example pam_access, pam_listfile or others...
>
> ---
> TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
>  http://damedame.monyo.com/ / http://facebook.com/monyot
>


More information about the samba mailing list