You can restrict access to specific local and domain groups: #account required pam_stack.so service=system-auth account sufficient pam_succeed_if.so user ingroup users account sufficient pam_succeed_if.so user ingroup webdevelopers
Check here for more info: http://linux.die.net/man/8/pam_succeed_if Andrew Philipoff Infrastructure Coordinator Information Systems Department of Medicine, UCSF -----Original Message----- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Luv Linux Sent: Wednesday, September 16, 2009 4:14 PM To: samba@lists.samba.org Subject: [Samba] locking down ssh when using winbind Hi all, I'm using samba with winbind which has been integrated with Active Directory. In the smb.conf file, I have template shell = /bin/bash winbind use default domain = yes to allow ssh but I don't want all the domain users to be able to ssh. Is there a way to only allow for example) domain\ssh_group which is an active directory group to be able to ssh into the server? This is my current pam.d/sshd file: auth required pam_nologin.so auth sufficient pam_stack.so service=system-auth auth sufficient pam_winbind.so account sufficient pam_stack.so service=system-auth account sufficient pam_winbind.so password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
smime.p7s
Description: S/MIME cryptographic signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba