Hi, I am a bit of a linux newbie but I am trying to go over some systems that I have been left with. I have installed winbind, samba and ssh on a fresh debian server but I am having some problems give Active Directory users ssh access.

When I look in /etc/ssh/sshd_config I see that root and the user I created during install are added to AllowGroups line. Having a quick look around it seems to me that users should be added with AllowUsers, but when I try and change it I lose ssh access for root so I kept it as AllowGroups.

The previous admin set up a windows group, linuxusers, when I add this to sshd_config AllowGroups I am able to ssh to the server. When I then remove the group from sshd_config I am still able ssh to the server. I restart ssh with /etc/init.d/ssh reload. How do I remove access from users/groups?

I created a new windows group, websixssh, when I add to the AllowGroups in sshd_config users are not able to ssh to the server. Also if I add a new user to the old group, linuxusers, they cant ssh to the server.

The user gets a access is denied message, and in /var/log/auth.log
Jan 2 15:26:13 EUKWeb6 sshd[8090]: User masum.islam from euk-sb34110. not allowed because none of user's groups are listed in AllowGroups
Jan 2 15:26:13 EUKWeb6 sshd[8090]: Failed none for invalid user masum.islam from 10.4.1.35 port 57116 ssh2

Does anyone have an idea what I am doing wrong?

Winbind can return the group and user details with wbinfo

Cheers.

You want to get it done quickly, try and use http://www.centrify.com/express/free...mac.asp#agents

easy integration and get it done in minutes, have used them before, its free and never had any issues.

Hi amlife,
I will look into Centrify as I am still unable to resolve.
Cheers.

The keyword is kerberos. Try googling "debian ssh activedirectory". These links all seem worthwhile, with the first one quite recent:

http://inutility.net/work/debian-squ...witcher=mobile

http://zeldor.biz/2010/12/debian-join-windows-domain/

http://blog.mycroes.nl/2012/02/linux...directory.html