[Samba] SerNet - Samba 4.3 and ssh password logins
Marcel de Reuver
marcel at de.reuver.org
Mon Apr 11 14:36:39 UTC 2016
Setup PAM to use winbind on this fileserver, see
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#Authenticating_Domain_users_via_PAM
for the details.
You can restrict access to AD group "linuxusers" by
replacing pam_winbind.so with pam_winbind.so
require_membership_of=linuxusers in the auth configuration.
regards,
Marcel
2016-04-05 19:30 GMT+02:00 Heinz Allerberger <
allerberger at em.uni-frankfurt.de>:
> Hi everyone,
>
> I have a SerNet-Samba 4.3.6-10 AD which works fine.
>
> Now I try to implement a fileserver. It is a server with a lot of
> (old)-users, which have an Unix-Account. On this server are also users who
> should can login from the Internet over ssh.
>
> But now I'm running in trouble with the security of my fileserver.
> When I would install samba 4.3.6 on it and activate sernet-samba-client
> with winbind. Every user can login over ssh with his Windows-AD-password.
> This seems dangerous for me.
>
> I could live with this, but then it should be possible, that I can deny
> the ssh-login for some users who should not have the possibility to login
> from the Internet. But this users should be able to login into the domain
> with a windows-machine on the AD.
>
> How can I do that?
>
> Please don't be worry about my English. I'm German and it is not my mean
> language.
>
> Regards,
> Heinz
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list