[Samba] SerNet - Samba 4.3 and ssh password logins

L.P.H. van Belle belle at bazuin.nl
Wed Apr 6 05:58:49 UTC 2016


Thats pretty simple todo. 

Create a group on windows, add the allowed users in it. 
Add 
AllowGroups YourADGroup 
In sshd_config 
Restart ssh. 

You want unix and windows groups. 
AllowGroups YourADGroup YourLinuxGroup

Adduser Linuxgroup ( for the linux servers ) 


Greet, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Heinz Allerberger
> Verzonden: dinsdag 5 april 2016 19:31
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] SerNet - Samba 4.3 and ssh password logins
> 
> Hi everyone,
> 
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
> 
> Now I try to implement a fileserver. It is a server with a lot of
> (old)-users, which have an Unix-Account. On this server are also users
> who should can login from the Internet over ssh.
> 
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate sernet-samba-client
> with winbind. Every user can login over ssh with his
> Windows-AD-password. This seems dangerous for me.
> 
> I could live with this, but then it should be possible, that I can deny
> the ssh-login for some users who should not have the possibility to
> login from the Internet. But this users should be able to login into the
> domain with a windows-machine on the AD.
> 
> How can I do that?
> 
> Please don't be worry about my English. I'm German and it is not my mean
> language.
> 
> Regards,
> Heinz
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list