Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon
On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm. Hi Say the group with that SID is mygroup. Does: getent group mygroup return a gidNumber? If so, then: Put only the users you want. Then common-account: account requiredpam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon
On Sun, 2013-09-01 at 09:56 +0200, steve wrote: On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm. Hi Say the group with that SID is mygroup. Does: getent group mygroup return a gidNumber? If so, then: Put only the users you want. Then common-account: account requiredpam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve Hi Sorry, I'm not answering the question. These are not fixes, rather 'something else to try', things. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba