Here I go again with the opposite question.

Now that I got unix login working, I want to disallow unix login to member server for AD users. How shall I configure? /dev/null for the unixshell in AD? Or is there a system wide (per server) smb.conf setting I can use?

This is the running smb.conf now.

        # Default ID mapping configuration for local BUILTIN accounts
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        # idmap config for the MAD domain
        idmap config MAD : backend = ad
        idmap config MAD : schema_mode = rfc2307
        idmap config MAD : range = 10000-999999
        # winbind config:
        idmap config MAD : unix_nss_info = yes
        winbind use default domain = yes
#       winbind enum users = yes
#       winbind enum groups = yes

Thank you all,

Hi Luis.

On 27.04.23 at 12:30, Luis Peromarta via samba wrote:
> Here I go again with the opposite question.
>
> Now that I got unix login working, I want to disallow unix login to member server for AD users. How shall I configure? /dev/null for the unixshell in AD? Or is there a system wide (per server) smb.conf setting I can use?

You mean ssh login?

I am not aware that there is a smb.conf option for this. Maybe a pam config option would work here, not sure.

We do it via /etc/ssh/sshd_config AllowGroups or DenyGroups.

Regards
Christian

On 27/04/2023 11:30, Luis Peromarta via samba wrote:
> Here I go again with the opposite question.
>
> Now that I got unix login working, I want to disallow unix login to member server for AD users. How shall I configure? /dev/null for the unixshell in AD? Or is there a system wide (per server) smb.conf setting I can use?
>

You already know this ;-) (unless you are talking about SSH)

Either do not set the LoginShell attribute or set it to the template default /bin/false

Rowland
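
As an added example (not part of the thread): a shell check that lists accounts in the MAD idmap range (10000-999999, from the smb.conf above) whose shell field still allows an interactive login, to confirm a LoginShell change took effect on the member server. The function names, the list of no-login shells and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format input for AD-range accounts that
# still have an interactive login shell.

# Range taken from "idmap config MAD : range = 10000-999999" in the thread.
AD_UID_MIN=10000
AD_UID_MAX=999999

# Shells treated as "no login" (assumption; extend for your distribution).
NOLOGIN_SHELLS="/bin/false /usr/bin/false /sbin/nologin /usr/sbin/nologin"

# audit_ad_shells: reads passwd lines on stdin and prints "user uid shell"
# for every AD-range account whose shell is not in NOLOGIN_SHELLS.
audit_ad_shells() {
    awk -F: -v min="$AD_UID_MIN" -v max="$AD_UID_MAX" -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, a, " "); for (i = 1; i <= n; i++) nologin[a[i]] = 1 }
        NF >= 7 && $3 ~ /^[0-9]+$/ && $3 + 0 >= min && $3 + 0 <= max {
            shell = $7
            # An empty shell field means /bin/sh per passwd(5): still a login shell.
            if (shell == "") shell = "/bin/sh"
            if (!(shell in nologin)) print $1, $3, shell
        }'
}

# Constructed sample input (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10000:Alice:/home/alice:/bin/bash
bob:*:10002:10000:Bob:/home/bob:/bin/false
carol:*:10003:10000:Carol:/home/carol:
svc:*:3000:3000::/nonexistent:/usr/sbin/nologin
EOF
}

# On a real member server, "winbind enum users" is commented out in the
# smb.conf above, so a plain "getent passwd" will not list AD users.
# Query them by name instead:  getent passwd alice bob | audit_ad_shells
sample_passwd | audit_ad_shells
```

An empty result means every AD-range account that was checked resolves to a no-login shell; any line printed is an account that can still obtain an interactive shell.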