[Samba] SerNet - Samba 4.3 and ssh password logins

Marcel de Reuver marcel at de.reuver.org
Mon Apr 11 14:36:39 UTC 2016

Setup PAM to use winbind on this fileserver, see
for the details.

You can restrict access to AD group "linuxusers" by
replacing pam_winbind.so with pam_winbind.so
require_membership_of=linuxusers in the auth configuration.


2016-04-05 19:30 GMT+02:00 Heinz Allerberger <
allerberger at em.uni-frankfurt.de>:

> Hi everyone,
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
> Now I try to implement a fileserver. It is a server with a lot of
> (old)-users, which have an Unix-Account. On this server are also users who
> should can login from the Internet over ssh.
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate sernet-samba-client
> with winbind. Every user can login over ssh with his Windows-AD-password.
> This seems dangerous for me.
> I could live with this, but then it should be possible, that I can deny
> the ssh-login for some users who should not have the possibility to login
> from the Internet. But this users should be able to login into the domain
> with a windows-machine on the AD.
> How can I do that?
> Please don't be worry about my English. I'm German and it is not my mean
> language.
> Regards,
> Heinz
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list