[Samba] require_membership_of is ignored

John P Arends jarends at northwestern.edu
Thu Jan 24 14:45:13 MST 2013

I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user.

The problem is, I can log on as any AD user.

require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in.

I've put this option in both /etc/pam.d/system-auth and /etc/security/pam_winbind.conf and any user can log in.

Any suggestions, or advice on how I can better troubleshoot this? I'm not seeing anything in the logs that is helpful, but I may not be looking in the right place.

I've asked a few other people who have told me "oh, that never works" but I can't imagine that is the case.

Running  3.5.10-125.el6 by the way..



John Arends
Senior Systems Engineer
School of Communication
Northwestern University 

More information about the samba mailing list