[Samba] Do not allow login to member server

Luis Peromarta lperoma at icloud.com
Thu Apr 27 10:30:07 UTC 2023

Here I go again with the opposite question.

Now that I got unix login working, I want to disallow unix login to memberr server for AD users. How shall I configure ? /dev/null for the unixshell in AD ? Or is there a system wide (per server) smb.conf setting I can use ?

This is the running smb.conf now.

# Default ID mapping configuration for local BUILTIN accounts

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999

# idmap config for the MAD domain

        idmap config MAD : backend = ad
        idmap config MAD : schema_mode = rfc2307
        idmap config MAD : range = 10000-999999

# winbind config:

        idmap config MAD : unix_nss_info = yes
        winbind use default domain = yes
#       winbind enum users = yes
#       winbind enum groups = yes

Thank you all,

More information about the samba mailing list