On Thu, 2013-08-22 at 11:49 +0000, Jason Caylor wrote: > Okay, so I have an Active Directory server running on Windows Server 2012 > Standard > I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC > properly. > I am able to login with my Active Directory users credentials. > When I use the 'require_membership_of' option in pam.d/common-auth for > winbind.so using the SID of the group I want to restrict access to, it works > like a charm.
Hi Say the group with that SID is mygroup. Does: getent group mygroup return a gidNumber? If so, then: Put only the users you want. Then common-account: account required pam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
