[Samba] Restricting AD group logging on to Servers

Roy Eastwood spindles7 at gmail.com
Mon Dec 4 15:59:32 UTC 2017

Thanks Marco, see inline comments below.

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Marco Gaiarin via samba
> Sent: 04 December 2017 08:38
> To: samba at lists.samba.org
> Subject: Re: [Samba] Restricting AD group logging on to Servers
> Mandi! Roy Eastwood via samba
>   In chel di` si favelave...
> > or should I set it to /dev/null or similar non-existent dir?
> Pay a little attention to that.
> If you set an invalid shell for users, in newer debian this can lead to
> minor trouble (eg; if you run scripts for users with 'su', they did not work or
> you have to run with explicit shell).

This was not for the shell, but for the homedir setting - to prevent a user logging on with key authentication (nowhere for the user to save a public key).

> I prefere to have all users with valid shell, and act elsewhere (eg, in
> SSH in 'authorized-groups').
> --
> dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66



More information about the samba mailing list