[Samba] A couple of quick questions

NdK ndk.clanbo at gmail.com
Thu Feb 23 13:06:40 MST 2012


On 20/02/2012 17:20, Daniel Patrick Sullivan wrote:

> The first is;
> 1) Is it possible to deterministically set the domain name that will
> be used when the "winbind use default domain = Yes" option is
> configured in /etc/samba/smb.conf?  I want to set a default domain,
> however I do not want the default domain to reflect the domain
> membership of the server.  I do not see this in the documentation,
> although I admittedly haven't looked *that* hard.
That would be useful to me, too.
I tried setting "idmap config STUDENTI:default = yes" w/o results
(machine is joined to PERSONALE domain).

> 2) I am using a configuration line such as the following to restrict access;
> winbind use default domain = Yes
> auth        requisite     pam_succeed_if.so user ingroup AD\org_cri_cri_galaxy_administrators debug
> This is working all fine and good, although I would like to actually
> have another group.  It seems that whenever I add another similar line
> the pam auth bombs out after the first failure.  Is it possible to
> restrict authorization to multiple groups in this manner?
I think it can check only one group, but that's not a problem: just
create a group (whose membership you'll check) that contains the other
groups you want to enable access. I usually do that for users allowed to
access a machine: a 'machinename-authorized' group that contains
'lab-administrators' group and users/groups allowed to access that
machine. This way I can be sure 'lab-administrators' are allowed access.

BYtE,
 Diego.
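
Added example, not part of the original message and not PAM's own code: a small Python model of why stacking a second `requisite` group check rejects users who are in only one of the groups, and how the single umbrella-group check suggested above behaves. The users, the second group name, the umbrella group name and the one-level nesting resolution are constructed assumptions; only the `AD\org_cri_cri_galaxy_administrators` name comes from the thread.

```python
# Simplified model of a PAM auth stack built from "user ingroup" checks.
# Only the "requisite" and "required" control flags are modeled.

ADMINS = r"AD\org_cri_cri_galaxy_administrators"  # group quoted in the thread
SECOND = r"AD\second_group"                       # hypothetical second group
UMBRELLA = r"AD\machinename-authorized"           # hypothetical umbrella group

# Constructed sample directory data.
DIRECT = {
    "alice": {ADMINS},
    "bob": {SECOND},
    "carol": set(),
    "dave": {ADMINS, SECOND},
}
NESTED = {UMBRELLA: {ADMINS, SECOND}}  # umbrella group contains both groups


def effective_groups(user):
    """Direct groups plus any parent group containing one of them (one level)."""
    groups = set(DIRECT.get(user, set()))
    for parent, children in NESTED.items():
        if groups & children:
            groups.add(parent)
    return groups


def run_stack(stack, user):
    """Evaluate (control, group) lines in order and return True if auth passes."""
    failed = False
    for control, group in stack:
        ok = group in effective_groups(user)
        if ok:
            continue
        if control == "requisite":
            return False   # fail at once; later lines are never consulted
        if control == "required":
            failed = True  # remember the failure but keep evaluating
    return not failed


two_requisites = [("requisite", ADMINS), ("requisite", SECOND)]  # acts as AND
one_umbrella = [("requisite", UMBRELLA)]                         # acts as OR

if __name__ == "__main__":
    for user in DIRECT:
        print(user, run_stack(two_requisites, user), run_stack(one_umbrella, user))
```

Whether the umbrella check works on a real host depends on nested group membership being resolved for the user, which this model simply assumes.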

