search for: checkpwnam

...machine account was created, but Windows said user name cannot be found. I resolved this by adding ldap to /etc/nsswitch.conf, but this has the side effect of allowing ldap users to login to the server via SSH. Whilst I can understand the need for LDAP users to be accessible to the system, i.e. checkpwnam etc for permisisons, I don't want users to be able to login to anywhere except the client Windows 2000/XP boxes. People (only 3) who can login via SSH already have "real" user accounts in /etc/passwd etc. Is there a way to stop this being allowed? Thanks. Ben