[Samba] Restricting AD group logging on to Servers
Roy Eastwood
spindles7 at gmail.com
Mon Dec 4 15:59:32 UTC 2017
Thanks Marco, see inline comments below.
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Marco Gaiarin via samba
> Sent: 04 December 2017 08:38
> To: samba at lists.samba.org
> Subject: Re: [Samba] Restricting AD group logging on to Servers
>
> Mandi! Roy Eastwood via samba
> In chel di` si favelave...
>
> > or should I set it to /dev/null or similar non-existent dir?
>
> Pay a little attention to that.
>
> If you set an invalid shell for users, in newer debian this can lead to
> minor trouble (eg; if you run scripts for users with 'su', they did not work or
> you have to run with explicit shell).
>
This was not for the shell, but for the homedir setting - to prevent a user logging on with key authentication (nowhere for the user to save a public key).
>
> I prefere to have all users with valid shell, and act elsewhere (eg, in
> SSH in 'authorized-groups').
>
> --
> dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Regards,
Roy
More information about the samba
mailing list