Specifying active directory users who can log into a SSH server
 

Hello --

I have set up a Samba server in our Active Directory environment that currently allows a particular user the ability to login using his domain user account from either the console or from an SSH connection. However, this ability is not available for any other user.

We are in the process of creating an Active Directory group that will contain an existing Active Directory group that will be granted access to the Samba server. Part of this project involves modifying the ssd_config file on the server.

To that end I was planning on adding the following line to the configuration file:

1. Is this the correct syntax? For example is it AllowUsers <username>, <username> or AllowUsers <GroupName>

2. Can I utilze group names as opposed to indvidual user names?

Thanks.

You could use

Otherwise it's

See also http://serverfault.com/questions/617...in-sshd-config

Hi,

I think you are in the correct path.
I can try to guide you, but I think that you just need to read man 5 sshd_config.
It has everything you need, and I doubt that I would be able to give a better explanation.
Pay careful attention to evaluation order of those directives that is: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.