On Fri, Jul 10, 2009 at 11:34 PM, Terry<td3...@gmail.com> wrote: > Hello, > > I have winbind working well out of the box. However, I am having > problems with using groups to restrict ssh access to the box. I have > a feeling there are some tricks that I haven't thought of yet. > > Here is the relevant parts of smb.conf: > workgroup = FOO > password server = server.foo.local > realm = FOO.LOCAL > security = ads > idmap uid = 10000-20000 > idmap gid = 10000-20000 > template shell = /bin/bash > winbind use default domain = no > winbind offline logon = false > winbind enum users = no > winbind enum groups = yes > winbind separator = + > > 1. 'getent group' works and shows this group (yes, it is a different > domain through a trust): > NARF+tdtest:*:10521:NARF+joe_jel > > 2. I have this in sshd_config: > AllowGroups root NARF+tdtest > > This works great! I can log in with NARF+joe_jel via ssh and life is > good. However, I have a whole bunch of groups in AD that have spaces > in them. I can see them fine in a 'getent group'. However, how can I > restrict ssh access using these groups? I have tried quoting them in > sshd_config but no luck. Any tricks here? > > Thanks! >
Anyone have some other ideas to get around the 'groups with spaces' problem I am having here? Other programs like sudo allow me to escape the spaces. SSH is being more problematic. Any thoughts? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba