John McNulty
2011-Jun-17 16:28 UTC
[Samba] Restricting logins using pam_winbind require_membership_of ?
Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards, John
Aaron E.
2011-Jun-17 16:46 UTC
[Samba] Restricting logins using pam_winbind require_membership_of ?
In the samba share definition you could add valid users = +group this should have the effect your looking for if I understand you correctly. If not my apologies.. On 06/17/2011 12:28 PM, John McNulty wrote:> Hi. > > I have some shares on a server that are offered to specific Active Directory > user groups, but the business doesn't want those users to be able to login > to the server. If I were to add "require_membership_of" to pam_winbind to > limit logins and shut out the users I don't want, would it also have the > side effect of denying those users access to the shares as well? > > Regards, > > John
TAKAHASHI Motonobu
2011-Jun-20 17:35 UTC
[Samba] Restricting logins using pam_winbind require_membership_of ?
On 06/17/2011 12:28 PM, John McNulty wrote:> Hi. > > I have some shares on a server that are offered to specific Active Directory > user groups, but the business doesn't want those users to be able to login > to the server. If I were to add "require_membership_of" to pam_winbind to > limit logins and shut out the users I don't want, would it also have the > side effect of denying those users access to the shares as well?From: John McNulty <johnmcn1 at gmail.com> Date: Mon, 20 Jun 2011 10:50:45 +0100> The user accounts exist in Active Directory and we're using the rfc2307 > schema. So the shell is set in AD. I cannot change the shell to /bin/false > or that would affect all the other servers they login to.I see. You may manage local login with the facility of PAM, for example pam_access, pam_listfile or others... --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo http://damedame.monyo.com/ / http://facebook.com/monyot
Reasonably Related Threads
- Samba 3.3.15 Ignoring "Logon Path" and "Logon Home" to Disable Roaming Profiles
- convert_string_talloc: Conversion error: Incomplete multibyte sequence
- require_membership_of is ignored
- samba4wins nbd_server implementation & configuration
- require_membership_of being ignored?