Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
pam_access actually worked very well and is the most powerful / flexible of all the choices, so that's the one I'm going with.

Thanks to everyone who replied.

John

On 20 June 2011 18:35, TAKAHASHI Motonobu mo...@monyo.com wrote:
> On 06/17/2011 12:28 PM, John McNulty wrote:
>> Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well?
>
> From: John McNulty johnm...@gmail.com
> Date: Mon, 20 Jun 2011 10:50:45 +0100
>> The user accounts exist in Active Directory and we're using the rfc2307 schema. So the shell is set in AD. I cannot change the shell to /bin/false or that would affect all the other servers they login to.
>
> I see. You may manage local login with the facility of PAM, for example pam_access, pam_listfile or others...
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
> http://damedame.monyo.com/ / http://facebook.com/monyot

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
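The arrangement this thread settles on (pam_access limiting SSH logins while valid users keeps governing the shares), written out as an added example that is not part of any poster's message. The group names, share name and path are placeholders, and putting the rule in the sshd PAM file rather than a shared include is an assumption about the layout.

```conf
# --- /etc/pam.d/sshd ---
# Added to the account stack of the SSH service only, so other PAM
# services on the host are not affected. sshd must run with "UsePAM yes"
# for this stack to be consulted.
account    required     pam_access.so

# --- /etc/security/access.conf ---
# Rules are read top to bottom and the first match decides.
# "unixadmins" is a placeholder for the group that may log in;
# the parentheses mark the name as a group rather than a user.
+ : root : ALL
+ : (unixadmins) : ALL
# Everyone else, including the AD share users and any local account
# not listed above, is refused. Keep a root session open while testing.
- : ALL : ALL

# --- smb.conf ---
# Share access stays a Samba decision. "projects", the path and
# "sharegroup" are placeholders.
# smbd applies PAM account checks only when "obey pam restrictions = yes"
# (the default is no), and then through its own PAM service file,
# so the rule in the sshd stack above does not gate the share.
[projects]
    path = /srv/projects
    valid users = +sharegroup
```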
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well?

From: John McNulty johnm...@gmail.com
Date: Mon, 20 Jun 2011 10:50:45 +0100
> The user accounts exist in Active Directory and we're using the rfc2307 schema. So the shell is set in AD. I cannot change the shell to /bin/false or that would affect all the other servers they login to.

I see. You may manage local login with the facility of PAM, for example pam_access, pam_listfile or others...

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
http://damedame.monyo.com/ / http://facebook.com/monyot
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
On 6/17/2011 09:46, Aaron E. wrote:
> In the samba share definition you could add
>
>     valid users = +group
>
> this should have the effect you're looking for if I understand you correctly. If not my apologies..
>
> On 06/17/2011 12:28 PM, John McNulty wrote:
>> Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well?
>>
>> Regards,
>> John

I'm suddenly curious about this as well. Please let us know your results!
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
Ah, maybe I'm not being clear enough. I want the AD users to be able to access the shares, but not ssh login to the system, which they can currently. I'm wondering if this is a method I can use to achieve that end, as an alternative to using AllowUsers/AllowGroups in sshd_config or using pam_listfile.

On 17 June 2011 17:46, Aaron E. ssures...@gmail.com wrote:
> In the samba share definition you could add
>
>     valid users = +group
>
> this should have the effect you're looking for if I understand you correctly. If not my apologies..
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
From: John McNulty johnm...@gmail.com
Date: Sat, 18 Jun 2011 15:14:07 +0100
> Ah, maybe I'm not being clear enough. I want the AD users to be able to access the shares, but not ssh login to the system, which they can currently.

How have you configured around winbind? By default, the shell for users created by winbindd is set to /bin/false so they can not login to the system.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
http://damedame.monyo.com/ / http://facebook.com/monyot
[Samba] Restricting logins using pam_winbind require_membership_of ?
Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well?

Regards,
John
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
In the samba share definition you could add

    valid users = +group

this should have the effect you're looking for if I understand you correctly. If not my apologies..

On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well?
>
> Regards,
> John