[Samba] SerNet - Samba 4.3 and ssh password logins
Rowland penny
rpenny at samba.org
Tue Apr 5 18:53:55 UTC 2016
On 05/04/16 18:30, Heinz Allerberger wrote:
> Hi everyone,
>
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
>
> Now I try to implement a fileserver. It is a server with a lot of
> (old)-users, which have an Unix-Account. On this server are also users
> who should can login from the Internet over ssh.
>
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate
> sernet-samba-client with winbind. Every user can login over ssh with
> his Windows-AD-password. This seems dangerous for me.
>
> I could live with this, but then it should be possible, that I can
> deny the ssh-login for some users who should not have the possibility
> to login from the Internet. But this users should be able to login
> into the domain with a windows-machine on the AD.
>
> How can I do that?
>
> Please don't be worry about my English. I'm German and it is not my
> mean language.
>
> Regards,
> Heinz
>
You could take a look at pam_access, see 'man pam_access'
Rowland
More information about the samba
mailing list