[Samba] limits.conf and AD domain groups
David Bear
dwbear75 at gmail.com
Wed Nov 25 23:08:09 UTC 2015
seems to work :
------------------------------
getent group 'Domain Users'
domain users:x:10513:
------------------------------
I'm wondering of the settings that pam makes happen before winbind is ready?
On Wed, Nov 25, 2015 at 2:10 PM, Rowland Penny <rowlandpenny241155 at gmail.com
> wrote:
> On 25/11/15 20:43, David Bear wrote:
>
>> I am using a member server with AD as my source of accounts. ssh logins
>> work great.
>>
>> Yesterday, one of my students wanted to see what a fork bomb was and so
>> now
>> I need to place ulimits on place. Attempts to use AD domain groups fail.
>> So
>> I'm not sure this is an issue for samba+winbind or for
>> /etc/security/limits.conf and pam.
>>
>> Here's what I have added in limits.conf
>>
>> # -- fix fork bomb issue --
>> @"Domain Users" soft nproc 20
>> @"Domain Users" hard nproc 20
>>
>> And here is what I have in pam.d/common-session
>>
>> session required pam_limits.so
>>
>> --
>> I'm pretty sure the pam stuff is correct because I was able to set nproc
>> limits on a non-domain user.
>>
>> But I'm wondering if we can set limits to AD provided groups. Any advice?
>>
>>
>>
> Never tried, but does 'getent group Domain\ Users' return anything ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
David Bear
mobile: (602) 903-6476
More information about the samba
mailing list