[Samba] SerNet - Samba 4.3 and ssh password logins
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 6 05:58:49 UTC 2016
Thats pretty simple todo.
Create a group on windows, add the allowed users in it.
Add
AllowGroups YourADGroup
In sshd_config
Restart ssh.
You want unix and windows groups.
AllowGroups YourADGroup YourLinuxGroup
Adduser Linuxgroup ( for the linux servers )
Greet,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Heinz Allerberger
> Verzonden: dinsdag 5 april 2016 19:31
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] SerNet - Samba 4.3 and ssh password logins
>
> Hi everyone,
>
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
>
> Now I try to implement a fileserver. It is a server with a lot of
> (old)-users, which have an Unix-Account. On this server are also users
> who should can login from the Internet over ssh.
>
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate sernet-samba-client
> with winbind. Every user can login over ssh with his
> Windows-AD-password. This seems dangerous for me.
>
> I could live with this, but then it should be possible, that I can deny
> the ssh-login for some users who should not have the possibility to
> login from the Internet. But this users should be able to login into the
> domain with a windows-machine on the AD.
>
> How can I do that?
>
> Please don't be worry about my English. I'm German and it is not my mean
> language.
>
> Regards,
> Heinz
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list