Hello, I have winbind working well out of the box. However, I am having problems with using groups to restrict ssh access to the box. I have a feeling there are some tricks that I haven't thought of yet.
Here is the relevant parts of smb.conf: workgroup = FOO password server = server.foo.local realm = FOO.LOCAL security = ads idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind use default domain = no winbind offline logon = false winbind enum users = no winbind enum groups = yes winbind separator = + 1. 'getent group' works and shows this group (yes, it is a different domain through a trust): NARF+tdtest:*:10521:NARF+joe_jel 2. I have this in sshd_config: AllowGroups root NARF+tdtest This works great! I can log in with NARF+joe_jel via ssh and life is good. However, I have a whole bunch of groups in AD that have spaces in them. I can see them fine in a 'getent group'. However, how can I restrict ssh access using these groups? I have tried quoting them in sshd_config but no luck. Any tricks here? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba