[Samba] Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"

steve steve at steve-ss.com
Sun Sep 1 03:23:50 MDT 2013

On Sun, 2013-09-01 at 09:56 +0200, steve wrote:
> On Thu, 2013-08-22 at 11:49 +0000, Jason Caylor wrote:
> > Okay, so I have an Active Directory server running on Windows Server 2012 Standard
> > I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly.
> > I am able to login with my Active Directory users credentials.
> > When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.
> Hi
> Say the group with that SID is mygroup.
> Does:
>  getent group mygroup
> return a gidNumber? If so, then:
> Put only the users you want. Then common-account:
> account required        pam_succeed_if.so user ingroup mygroup
> man pam_succeed_if
> BTW, I'd strongly advise changing to the ad backend.
> Steve
Sorry, I'm not answering the question. These are not fixes, rather
'something else to try', things.

More information about the samba mailing list