[Samba] Do not allow login to member server
Luis Peromarta
lperoma at icloud.com
Thu Apr 27 10:30:07 UTC 2023
Here I go again with the opposite question.
Now that I got unix login working, I want to disallow unix login to memberr server for AD users. How shall I configure ? /dev/null for the unixshell in AD ? Or is there a system wide (per server) smb.conf setting I can use ?
This is the running smb.conf now.
# Default ID mapping configuration for local BUILTIN accounts
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config for the MAD domain
idmap config MAD : backend = ad
idmap config MAD : schema_mode = rfc2307
idmap config MAD : range = 10000-999999
# winbind config:
idmap config MAD : unix_nss_info = yes
winbind use default domain = yes
# winbind enum users = yes
# winbind enum groups = yes
Thank you all,
More information about the samba
mailing list