LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Prevent Domain Logins (https://www.linuxquestions.org/questions/linux-security-4/prevent-domain-logins-482407/)

rj45 09-11-2006 08:43 AM
Prevent Domain Logins
 
I have an FC5 box that I've successfully joined to a Windows 2000 Active Directory domain. Samba/Winbind are configured and working; users can successfully authenticate against AD with Kerberos. What I'd like to do now is restrict access to a few select domain users. Administrative users should have access, of course, but the only other user I'd like to login would be my "maintenance" user (who has sudo rights).

Is it possible to configure either Linux itself or Samba/Winbind to prevent specific domain users from logging in? I know I can prevent the root user from logging in using Samba's "invalid users = root @wheel" switch, but I'm not sure if that will work to prevent domain users. Ideally, it would be better to allow specific users since there are only two or three rather than a list of denied users, of whom there are many, but I'll work with what I can get.

Can anyone help me out with this or point me to some helpful resources?

Thanks in advance,
rj45

stress_junkie 09-17-2006 10:55 PM
This is a job for PAM. Check out these web pages.

http://www.us.kernel.org/pub/linux/l...-html/pam.html

http://www.us.kernel.org/pub/linux/l...m-6.html#ss6.1


All times are GMT -5. The time now is 03:37 PM.