LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-11-2006, 09:43 AM   #1
rj45
LQ Newbie
 
Registered: Sep 2006
Distribution: Fedora Core
Posts: 1

Rep: Reputation: 0
Prevent Domain Logins


I have an FC5 box that I've successfully joined to a Windows 2000 Active Directory domain. Samba/Winbind are configured and working; users can successfully authenticate against AD with Kerberos. What I'd like to do now is restrict access to a few select domain users. Administrative users should have access, of course, but the only other user I'd like to login would be my "maintenance" user (who has sudo rights).

Is it possible to configure either Linux itself or Samba/Winbind to prevent specific domain users from logging in? I know I can prevent the root user from logging in using Samba's "invalid users = root @wheel" switch, but I'm not sure if that will work to prevent domain users. Ideally, it would be better to allow specific users since there are only two or three rather than a list of denied users, of whom there are many, but I'll work with what I can get.

Can anyone help me out with this or point me to some helpful resources?

Thanks in advance,
rj45
 
Old 09-17-2006, 11:55 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
This is a job for PAM. Check out these web pages.

http://www.us.kernel.org/pub/linux/l...-html/pam.html

http://www.us.kernel.org/pub/linux/l...m-6.html#ss6.1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Prevent a single user from multiple simultaneous logins MichaelP Linux - Networking 6 03-12-2008 11:11 AM
samba domain logins with Mac OS X linuxlastslonge Linux - Software 1 08-05-2005 08:52 PM
Joining a machine from another domain to my linux samba domain acummins Linux - Networking 0 09-13-2003 08:07 AM
Samba Domain Logins WeNdeL Linux - Software 0 02-26-2003 09:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration