Hi Matt,

On 09/22/2006 01:24 PM, Matt Herzog wrote:
> Thanks to Anthony Ciarochi at Centeris for this solution.
>
> I have a CentOS (Red Hat-based) server that is now accessible to AD users
> AND local users via ssh. I can control which AD groups can log in using the
> syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite
> different than Debian's "include" based pam.d,
>
> cat /etc/pam.d/sshd
> # ----------------------------------------------------------------------
> #%PAM-1.0
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> account sufficient pam_succeed_if.so user ingroup sshlogin
> account sufficient pam_succeed_if.so user ingroup wheel
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> session required pam_loginuid.so
> session sufficient pam_mkhomedir.so skel=/etc/skel umask=0027
> # ----------------------------------------------------------------------
>
> The critical lines are:
>
> account sufficient pam_succeed_if.so user ingroup sshlogin
>
> The above is to allow an AD group "sshlogin" to ssh in.
>
> account sufficient pam_succeed_if.so user ingroup wheel
>
> The above allows anyone in the *local machine* unix group "wheel" to ssh in.
>
> session sufficient pam_mkhomedir.so skel=/etc/skel umask=0027
>
> The above creates home dirs and dot files for AD users when they log in for
> the first time.

Could you add that information to the wiki?
http://wiki.samba.org

Kind regards,
--
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
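The group gate described in the quoted message, as an added example that is not part of the original thread: it parses the account lines of the quoted sshd PAM file and evaluates them for a given set of group memberships. The function names are hypothetical, the input is a constructed excerpt of the quoted file, and the code assumes that a stack in which no module succeeds is a denial, which is the behaviour the quoted message relies on.

```python
# Added example, not from the original thread: model the account stack
# of the quoted /etc/pam.d/sshd for a given set of group memberships.

# Constructed input: the auth and account lines of the quoted file.
SSHD_PAM = """\
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_succeed_if.so user ingroup sshlogin
account sufficient pam_succeed_if.so user ingroup wheel
"""

def parse_account_stack(text):
    """Return [(control, module, args)] for each 'account' line."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and #%PAM header
        if len(fields) >= 3 and fields[0] == "account":
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def ingroup_target(module, args):
    """Group named by 'pam_succeed_if.so user ingroup <group>', else None."""
    if (module == "pam_succeed_if.so" and len(args) == 3
            and args[:2] == ["user", "ingroup"]):
        return args[2]
    return None

def gate_groups(stack):
    """Groups that the account stack tests membership of."""
    groups = [ingroup_target(m, a) for _, m, a in stack]
    return [g for g in groups if g]

def account_allowed(stack, user_groups):
    """Evaluate the stack for a user who belongs to user_groups."""
    passed = failed = False
    for control, module, args in stack:
        group = ingroup_target(module, args)
        if group is None or control not in ("sufficient", "required", "requisite"):
            raise ValueError(f"not modelled: {control} {module}")
        ok = group in user_groups
        if control == "sufficient":
            if ok and not failed:
                return True          # first success ends the stack
        elif ok:
            passed = True
        else:
            failed = True
            if control == "requisite":
                return False
    # Assumption: a stack in which no module succeeded is a denial.
    return passed and not failed
```

Any account module other than a `user ingroup` test raises `ValueError`, so a file that mixes in other checks is reported as not modelled instead of being silently treated as permissive.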