pam_access actually worked very well and is the most powerful / flexible of
all the choices, so that's the one I'm going with.
Thanks to everyone who replied.
John
On 20 June 2011 18:35, TAKAHASHI Motonobu wrote:
> On 06/17/2011 12:28 PM, John McNulty wrote:
> > Hi.
> >
> > I have some shares
On 06/17/2011 12:28 PM, John McNulty wrote:
> Hi.
>
> I have some shares on a server that are offered to specific Active Directory
> user groups, but the business doesn't want those users to be able to login
> to the server. If I were to add "require_membership_of" to pam_winbind to
> limit login
From: John McNulty
Date: Sat, 18 Jun 2011 15:14:07 +0100
> Ah, maybe I'm not being clear enough. I want the AD users to be able to
> access the shares, but not ssh login to the system, which they can
> currently.
How have you configured around winbind?
By default, the shell for users created b
Ah, maybe I'm not being clear enough. I want the AD users to be able to
access the shares, but not ssh login to the system, which they can
currently. I'm wondering if this is a method I can use to achieve that end,
as an alternative to using AllowUsers/AllowGroups in sshd_config or using
pam_list
On 6/17/2011 09:46, Aaron E. wrote:
In the samba share definition you could add
valid users = +group
this should have the effect your looking for if I understand you
correctly. If not my apologies..
On 06/17/2011 12:28 PM, John McNulty wrote:
Hi.
I have some shares on a server that are offe
In the samba share definition you could add
valid users = +group
this should have the effect your looking for if I understand you
correctly. If not my apologies..
On 06/17/2011 12:28 PM, John McNulty wrote:
Hi.
I have some shares on a server that are offered to specific Active Directory
user
Hi.
I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server. If I were to add "require_membership_of" to pam_winbind to
limit logins and shut out the users I don't want, would it also ha