pam_access actually worked very well and is the most powerful / flexible of all the choices, so that's the one I'm going with.
Thanks to everyone who replied. John On 20 June 2011 18:35, TAKAHASHI Motonobu <mo...@monyo.com> wrote: > On 06/17/2011 12:28 PM, John McNulty wrote: > > Hi. > > > > I have some shares on a server that are offered to specific Active > Directory > > user groups, but the business doesn't want those users to be able to > login > > to the server. If I were to add "require_membership_of" to pam_winbind > to > > limit logins and shut out the users I don't want, would it also have the > > side effect of denying those users access to the shares as well? > > From: John McNulty <johnm...@gmail.com> > Date: Mon, 20 Jun 2011 10:50:45 +0100 > > > The user accounts exist in Active Directory and we're using the rfc2307 > > schema. So the shell is set in AD. I cannot change the shell to > /bin/false > > or that would affect all the other servers they login to. > > I see. You may manage local login with the facility of PAM, for > example pam_access, pam_listfile or others... > > --- > TAKAHASHI Motonobu <mo...@monyo.com> / @damemonyo > http://damedame.monyo.com/ / http://facebook.com/monyot > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba