Il 20/02/2012 17:20, Daniel Patrick Sullivan ha scritto:
> The first is;
> 1) Is it possible to deterministically set the domain name that will
> be used when the "winbind use default domain = Yes" option is
> configured in /etc/samba/smb.conf? I want to set a default domain,
> however I do not want the default domain to reflect the domain
> membership of the server. I do not see this in the documentation,
> although I admittedly haven't looked *that* hard.
That would be useful to me, too.
I tried setting "idmap config STUDENTI:default = yes" w/o results
(machine is joined to PERSONALE domain).
> 2) I am using a configuration line such as the following to restrict
access;
> winbind use default domain = Yes
> auth requisite pam_succeed_if.so user ingroup
> AD\org_cri_cri_galaxy_administrators debug
> This is working all fine and good, although I would like to actually
> have another group. It seems that whenever I add another similar line
> the pam auth bombs out after the first failure. Is it possible to
> restrict authorization to multiple groups in this manner?
I think it can check only one group, but that's not a problem: just
create a group (whose membership you'll check) that contains the other
groups you want to enable access. I usually do that for users allowed to
access a machine: a 'machinename-authorized' group that contains
'lab-administrators' group and users/groups allowed to access that
machine. This way I can be sure 'lab-administrators' are allowed access.
BYtE,
Diego.