If you dont want some users to be able to login using their posix
accounts give to them a null shell, put /bin/false in the shell
attribute. I dont know what distribution do you use or what is the
default of idealx scripts, but in Debian, smbldap-tools (the packaged
idealx scripts) does that by default. That way any access that requires
a shell will not work for these users.
Regards.
Edmundo Valle Neto
Ben Wheare escreveu:
Hiya,
I'm trying to set up a Samba PDC with an LDAP backend.
I experienced problems joining machines to domains, the machine
account was created, but Windows said user name cannot be found.
I resolved this by adding ldap to /etc/nsswitch.conf, but this has the
side effect of allowing ldap users to login to the server via SSH.
Whilst I can understand the need for LDAP users to be accessible to
the system, i.e. checkpwnam etc for permisisons, I don't want users to
be able to login to anywhere except the client Windows 2000/XP boxes.
People (only 3) who can login via SSH already have "real" user
accounts in /etc/passwd etc.
Is there a way to stop this being allowed?
Thanks.
Ben
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba