[Samba] SerNet - Samba 4.3 and ssh password logins

Rowland penny rpenny at samba.org
Tue Apr 5 18:53:55 UTC 2016


On 05/04/16 18:30, Heinz Allerberger wrote:
> Hi everyone,
>
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
>
> Now I try to implement a fileserver. It is a server with a lot of 
> (old)-users, which have an Unix-Account. On this server are also users 
> who should can login from the Internet over ssh.
>
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate 
> sernet-samba-client with winbind. Every user can login over ssh with 
> his Windows-AD-password. This seems dangerous for me.
>
> I could live with this, but then it should be possible, that I can 
> deny the ssh-login for some users who should not have the possibility 
> to login from the Internet. But this users should be able to login 
> into the domain with a windows-machine on the AD.
>
> How can I do that?
>
> Please don't be worry about my English. I'm German and it is not my 
> mean language.
>
> Regards,
> Heinz
>

You could take a look at pam_access, see 'man pam_access'

Rowland




More information about the samba mailing list