From a howto:
Quote:
Linux provides a variety of PAM modules for doing authorization. Peruse /usr/share/doc/pam-*/txts/* on a Red Hat box to see all of the available options. The one that seemed to be the best fit for me was pam_access. First you add an entry like this to /etc/pam.d/system-auth:
account required /lib/security/pam_access.so
Then add appropriate entries to /etc/security/access.conf. Here's a sample:
# Allow only a few users to login
-:ALL EXCEPT root joe bob jane:ALL
An entry that begins with a "+" could allow users and groups and the EXCEPT would exclude. The example above does the opposite, denying ALL except, which generally is a better strategy. Also please read the Samba documentation. PAM and tcp_wrapper support is built into Samba so the smb.conf file may be a better place to do this.
Also look into /etc/pam.d/login and /etc/pam.d/system-auth.
Reading up on PAM, the NAG guide from the www.tldp.org website, and the Samba 3 books (which you can download from the Samba.org website) would probably be a good idea. Aside from limiting access to samba shares or limiting the times of logins, you also need to be concerned with the security of the server itself, such as locking down ssh access and securing MySQL if it is used.
A lot depends on the size of your organization and the networking technology you are using or will be using. For example, do you use domain controllers as in an XP network, or do you want to replace an ADC-based system (WIN2000)?
The "Samba 3 by Example" book has several sample configurations, with step by step instructions. The Samba 3 Reference and Howto has a lot of necessary background information.
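
Added example (not part of the post or the quoted howto): a simplified Python model of how pam_access evaluates access.conf, useful for checking who a rule set admits before deploying it. It assumes only user names and origins matched by ALL or exact name (no groups, netgroups, hostnames or networks); the user "guest" and the "+"-only file are constructed for comparison.

```python
# Simplified model of pam_access rule evaluation: user names and origins only.
# Group, netgroup, hostname and network matching are deliberately left out.

def token_match(token, item):
    """ALL matches anything; any other token must match exactly."""
    return token == "ALL" or token == item

def list_match(tokens, item):
    """Match item against 'a b EXCEPT c d'; EXCEPT negates the rest of the list."""
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        head, tail = tokens[:cut], tokens[cut + 1:]
    else:
        head, tail = tokens, None
    if not any(token_match(t, item) for t in head):
        return False
    return True if tail is None else not list_match(tail, item)

def parse(text):
    """Return (permission, user_tokens, origin_tokens) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def allowed(rules, user, origin):
    """The first matching rule decides; if nothing matches, access is granted."""
    for perm, users, origins in rules:
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True

# The howto's rule, and a constructed '+'-only file for comparison.
DENY_EXCEPT = parse("# Allow only a few users to login\n"
                    "-:ALL EXCEPT root joe bob jane:ALL")
ALLOW_ONLY = parse("+:root joe bob jane:ALL")

if __name__ == "__main__":
    for user in ("joe", "guest"):   # 'guest' is a constructed, unlisted user
        print(user, allowed(DENY_EXCEPT, user, "tty1"),
              allowed(ALLOW_ONLY, user, "tty1"))
```

The "+"-only file still admits the unlisted user because an unmatched login is granted by default; an allow list only restricts access when a final `-:ALL:ALL` line follows it.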