ok i'll give it a go. We already have winbind working with the AD groups
via getent group, and did indeed edit the nsswitch file, it's just that
the pam_group documentation i saw was mentioning the groups needing to
be in /etc/security/group.conf
On 09/01/12 12:52, Jon Miller wrote:
Although I haven't had to configure winbind against AD, I'm pretty
sure you need to configure NSS to use winbind and afterwards you can
use pam_group. That is, you should be able to add a "winbind" entry to
your "group" entry on your /etc/nsswitch.conf as long as you have the
associated libnss_winbind.so installed on your system.
Ensure that you are properly seeing the groups (getent group) before
returning to configuring PAM.
-- Jon Miller
On Mon, Jan 9, 2012 at 3:48 AM, robert pearce<robert.pearce@xxxxxxxxx> wrote:
When using linux winbind authentication against active directory, is there a
way to check membership of an AD group using pam ?
As far as i know pam_group only checks against local groups.
Any help would be appreciated.
This email is from JD Sports Fashion plc or one of its subsidiaries. The contents of this email and any attachments are confidential and are intended solely for the use of the intended recipient. The information in this email may not be used, copied or disclosed by any person other than the intended recipient. If you are not the intended recipient, please contact JD Sports Fashion plc at admin@xxxxxxxxx, quoting the name of the sender and delete the message from your system.
Please note that neither JD Sports Fashion plc or the sender accepts any responsibility for viruses and it is your responsibility to scan the email and any attachments. No contracts may be concluded on behalf of JD Sports Fashion plc by email.
JD Sports Fashion plc - Registered in England No. 1888425. Registered Office: Hollinsbrook Way, Pilsworth, Bury, Lancashire, BL9 8RR.
Pam-list mailing list