Although I haven't had to configure winbind against AD, I'm pretty sure you need to configure NSS to use winbind and afterwards you can use pam_group. That is, you should be able to add a "winbind" entry to your "group" entry on your /etc/nsswitch.conf as long as you have the associated libnss_winbind.so installed on your system. Ensure that you are properly seeing the groups (getent group) before returning to configuring PAM. -- Jon Miller On Mon, Jan 9, 2012 at 3:48 AM, robert pearce <robert.pearce@xxxxxxxxx> wrote: > When using linux winbind authentication against active directory, is there a > way to check membership of an AD group using pam ? > > As far as i know pam_group only checks against local groups. > > Any help would be appreciated. > > Thanks, > - R > > This email is from JD Sports Fashion plc or one of its subsidiaries. The > contents of this email and any attachments are confidential and are intended > solely for the use of the intended recipient. The information in this email > may not be used, copied or disclosed by any person other than the intended > recipient. If you are not the intended recipient, please contact JD Sports > Fashion plc at admin@xxxxxxxxx, quoting the name of the sender and delete > the message from your system. > > Please note that neither JD Sports Fashion plc or the sender accepts any > responsibility for viruses and it is your responsibility to scan the email > and any attachments. No contracts may be concluded on behalf of JD Sports > Fashion plc by email. > > JD Sports Fashion plc - Registered in England No. 1888425. Registered > Office: Hollinsbrook Way, Pilsworth, Bury, Lancashire, BL9 8RR. > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list