Debian, Winbind: how to limit user login
Hi everybody,
Im'using a Debian 2.4.19 server with Samba and Winbind joined to a Windows 2000 domain. Authentication and home directory works fine, but I would like to know if there is some way to select which users in the domain can access this server (in the domain there are >600 users and only 150 of them should be able to login). By now everyone can access the server and this is not really what I wanted to do. Is there a way of doing it with a domain group management or something like that? :confused: Thank you! Francesco |
I had the same concerns but I installed Access Controll Lists and Extended Attributes to tighten my security more.
You can find out more at acl.bestbits.at It doesn't stop people from logging in but you can restrict any file access to specific groups that way. Hope this helps a bit anyway. |
This is a old post.
In case someone like me find this post after searching in the internet, here is the answer in modern days, it works on both debian and RHEL\CentOS. /etc/security/pam_winbind.conf To restrict access to uers in specified groups, add this line require_membership_of = [SID],[SID],[SID] Replace the [SID] with the proper AD User, or Group, SID. You can find out what users/groups are assigned which SIDs, with this command. wbinfo -n [NAME] reference: http://unix.stackexchange.com/questi...s-5-allow-only |
All times are GMT -5. The time now is 10:13 PM. |