From: Matt Delves on 12 Nov 2009 18:10

>>> On 13/11/2009 at 9:54 am, Kevin Newman <kevinjnewman(a)gmail.com> wrote:
> 2. Authorization (e.g., who can log into the box ... NOT just all of AD).
> I'm pretty good at configuring Winbind on Linux, and on Linux there's a
> pam_winbind.conf file that I usually use to lock down the box to specific AD
> users or groups -- I use the require_membership_of line and it works just
> fine. Unfortunately, I don't see any pam_winbind.conf file in AIX by
> default. I've tried placing it in /etc/security/ or in other locations, but
> it doesn't seem to be used. I've also tried adding pam_winbind lines to the
> /etc/pam.conf and manually adding the "require_membership_of" after the
> stanza, like so:
>
> telnet account required /usr/lib/security/pam_winbind.so
> require_membership_of=someGroup
>

How I use winbind to lock down group membership is by using the /etc/security/access.conf file to restrict the groups who can log in. This does mean you will have to use the pam_access module as well.

This works quite well for me under Linux and may (I stress may as I haven't worked with AIX) provide a solution under AIX.

Hope this helps.

Thanks,
Matt Delves
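Added example, not part of the original message and not Samba or Linux-PAM code: a small Python model of how pam_access reads an access.conf like the one the reply describes, to show that the first matching rule decides and that a missing final deny line leaves the box open. It assumes a simplified subset (origin field ALL only, no EXCEPT, bare tokens treated as user names as with the nodefgroup option); "root" and the deny-all line in the constructed sample are assumptions, "someGroup" is taken from the quoted message.

```python
# Constructed sample of /etc/security/access.conf for the approach in the reply.
# On Linux the module is enabled with a line such as:
#   account required pam_access.so
SAMPLE_ACCESS_CONF = """\
# permission : users/groups : origins
+ : root : ALL
+ : (someGroup) : ALL
- : ALL : ALL
"""

def parse_rules(text):
    """Return a list of (permission, [tokens]) from access.conf text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"malformed rule: {raw!r}")
        if fields[2] != "ALL" or "EXCEPT" in fields[1].split():
            raise ValueError(f"outside the modelled subset: {raw!r}")
        rules.append((fields[0], fields[1].split()))
    return rules

def token_matches(token, user, groups):
    if token == "ALL":
        return True
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1] in groups      # explicit group token
    return token == user                  # bare token treated as a user name

def is_allowed(rules, user, groups):
    """First matching rule decides; no match at all means access is granted."""
    for permission, tokens in rules:
        if any(token_matches(t, user, groups) for t in tokens):
            return permission == "+"
    return True

def has_final_deny_all(rules):
    """Without a trailing '- : ALL : ALL' the allow lines restrict nothing."""
    return bool(rules) and rules[-1] == ("-", ["ALL"])
```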