samba - Jun 2011 - Restricting logins using pam_winbind require_membership_of ?

Hi.

I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server.  If I were to add "require_membership_of"  to
pam_winbind to
limit logins and shut out the users I don't want, would it also have the
side effect of denying those users access to the shares as well?

Regards,

John

In the samba share definition you could add
valid users = +group

this should have the effect your looking for if I understand you 
correctly. If not my apologies..

On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi.
>
> I have some shares on a server that are offered to specific Active
Directory
> user groups, but the business doesn't want those users to be able to
login
> to the server.  If I were to add "require_membership_of"  to
pam_winbind to
> limit logins and shut out the users I don't want, would it also have
the
> side effect of denying those users access to the shares as well?
>
> Regards,
>
> John

On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi.
>
> I have some shares on a server that are offered to specific Active
Directory
> user groups, but the business doesn't want those users to be able to
login
> to the server.  If I were to add "require_membership_of"  to
pam_winbind to
> limit logins and shut out the users I don't want, would it also have
the
> side effect of denying those users access to the shares as well?
From: John McNulty <johnmcn1 at gmail.com>
Date: Mon, 20 Jun 2011 10:50:45 +0100
> The user accounts exist in Active Directory and we're using the rfc2307
> schema.  So the shell is set in AD.  I cannot change the shell to
/bin/false
> or that would affect all the other servers they login to.
I see. You may manage local login with the facility of PAM, for
example pam_access, pam_listfile or others...

---
TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
  http://damedame.monyo.com/ / http://facebook.com/monyot