Re: [Samba] net ads user info .vs. wbinfo -g ?
That's really useful thanks. John On 21 June 2011 12:25, Robert Freeman-Day pres...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/20/2011 12:44 PM, John McNulty wrote: The group names from these two commands display differently. For example: $ net ads user info my-name -U my-name . . Systems Engineering EU $ wbinfo -g . . systemsengineeringeu.write Why is this different? Regards, John John, The net command is a close relative to the net command for windows. It will display information in a format more like windows or ldap-like output. If you do this type of net command on your samba install: net ads search (SAMAccountName=adusername) -P you will get all the entries from active directory, similar to the output from ADSIedit. The -P allows you to use your samba machine's credentials (if it is joined to the domain). net ads search ((objectCategory=computer)(name=*rhel*)) -P Allows ldap-like searching. wbinfo and winbindd allow translation from windows account formats to unix-like account formats. This is why the outputs are different. If you were to do a getent passwd aduser you will get a direct entry that is as if it was from /etc/passwd. It is actually getting info from winbindd and translating it on the fly. Hope that helps differentiate them. Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4Af7EACgkQup357T5MfTZE2wCfbOebJzIGvrlJp+vSNJ/MOKv+ QF8An3NOKExf9gusbJfsZr/R13Heemwt =bdGG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
pam_access actually worked very well and is the most powerful / flexible of all the choices, so that's the one I'm going with. Thanks to everyone who replied. John On 20 June 2011 18:35, TAKAHASHI Motonobu mo...@monyo.com wrote: On 06/17/2011 12:28 PM, John McNulty wrote: Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? From: John McNulty johnm...@gmail.com Date: Mon, 20 Jun 2011 10:50:45 +0100 The user accounts exist in Active Directory and we're using the rfc2307 schema. So the shell is set in AD. I cannot change the shell to /bin/false or that would affect all the other servers they login to. I see. You may manage local login with the facility of PAM, for example pam_access, pam_listfile or others... --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo http://damedame.monyo.com/ / http://facebook.com/monyot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net ads user info .vs. wbinfo -g ?
The group names from these two commands display differently. For example: $ net ads user info my-name -U my-name . . Systems Engineering EU $ wbinfo -g . . systemsengineeringeu.write Why is this different? Regards, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting logins using pam_winbind require_membership_of ?
Ah, maybe I'm not being clear enough. I want the AD users to be able to access the shares, but not ssh login to the system, which they can currently. I'm wondering if this is a method I can use to achieve that end, as an alternative to using AllowUsers/AllowGroups in sshd_config or using pam_listfile. On 17 June 2011 17:46, Aaron E. ssures...@gmail.com wrote: In the samba share definition you could add valid users = +group this should have the effect your looking for if I understand you correctly. If not my apologies.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Restricting logins using pam_winbind require_membership_of ?
Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add require_membership_of to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba