Old 08-24-2007, 03:44 PM   #1
LQ Newbie
Registered: Aug 2007
Posts: 2

Rep: Reputation: 0
SSH + Winbind Group Authentication Question

I have currently set up my Linux box to accept user accounts from my Windows 2000 Active Directory Domain. Everything is working great and it is accepting all AD users.

Now I wish to secure SSH connections by group name. I am assuming I would just add the following line to the sshd_config file:

AllowGroups DOMAIN+groupname

However, this does not seem to work. Neither does AllowUsers, for that matter.

I am able to run "getent groups" to receive group memberships and am able to verify that I am properly connected to the domain.

Guess my main question is: can I use WINBIND Groups in SSH security? If not, how else should I go about setting up this type of security?

If anyone needs to look at my code/logs, I will be more than happy to provide it.

THANKS TO ALL IN ADVANCE FOR HELP. Any suggestions or input will be appreciated.
Old 08-28-2007, 05:33 PM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599
Originally Posted by ericspreher
can I use WINBIND Groups in SSH security?
Tried using "pam_winbind" in the auth and account parts of your /etc/pam.d/ssh* stack?
Old 08-29-2007, 01:52 PM   #3
LQ Newbie
Registered: Aug 2007
Posts: 2

Original Poster
Rep: Reputation: 0
[Solved] -- SSH + Winbind Group Authentication

Thanks for the reply and the help. I actually found the problem, but was waiting to make sure it worked. For some reason there was a gid restriction in the main pam security file. It was restricting it by the generated GID Number of certain AD groups. No idea why it did that.

Anyways, once I removed the restriction, it worked like a charm.

One thing I should note is that I cannot use AD groups with SPACES in the name. I tried using double-quotes (") for the AllowGroups command, but it didn't seem to like it.

Do you know of a way to allow spaces in the group name for the SSH configuration? If not, no big deal.

Thanks again for your help.
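
Added example, not part of the thread: a small Python model of how sshd matches AllowGroups entries against a user's groups. It shows why a group name containing a space never matches when the arguments are split on whitespace, and how the `?` wildcard from sshd's pattern syntax (exactly one character) can stand in for the space. The whitespace-only splitting, the function names and the sample group names are assumptions made for illustration.

```python
import re

def pattern_to_regex(pattern):
    """Translate an sshd pattern: '*' = any run of characters, '?' = exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def match_pattern_list(name, patterns):
    """Return -1 if a negated ('!') pattern matches, 1 if a positive one does, else 0."""
    result = 0
    for pat in patterns:
        negated = pat.startswith("!")
        if pattern_to_regex(pat[1:] if negated else pat).fullmatch(name):
            if negated:
                return -1
            result = 1
    return result

def allow_groups_permits(directive_args, user_groups):
    """Model of AllowGroups. Assumption: arguments are split on whitespace, no quoting."""
    patterns = directive_args.split()
    found = False
    for group in user_groups:
        verdict = match_pattern_list(group, patterns)
        if verdict == -1:      # a negated pattern matched one of the user's groups
            return False
        if verdict == 1:
            found = True
    return found

# Constructed sample memberships, using "+" as the winbind separator as in the post.
ALICE = ["DOMAIN+domain users", "DOMAIN+Linux Admins"]
BOB = ["DOMAIN+domain users", "DOMAIN+LinuxXAdmins"]

if __name__ == "__main__":
    for args in ("DOMAIN+Linux Admins", "DOMAIN+Linux?Admins",
                 "DOMAIN+Linux?Admins !DOMAIN+LinuxXAdmins"):
        print(f"{args!r}: alice={allow_groups_permits(args, ALICE)} "
              f"bob={allow_groups_permits(args, BOB)}")
```

Because `?` accepts any single character, `DOMAIN+Linux?Admins` also admits a group such as `DOMAIN+LinuxXAdmins`; the negated entry in the last case excludes it.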

