Web lists-archives.com

Re: [Samba] Restricting AD group logging on to Servers




Thanks Marco, see inline comments below.

> -----Original Message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of Marco Gaiarin via samba
> Sent: 04 December 2017 08:38
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Restricting AD group logging on to Servers
> 
> Mandi! Roy Eastwood via samba
>   In chel di` si favelave...
> 
> > or should I set it to /dev/null or similar non-existent dir?
> 
> Pay a little attention to that.
> 
> If you set an invalid shell for users, in newer debian this can lead to
> minor trouble (eg; if you run scripts for users with 'su', they did not work or
> you have to run with explicit shell).
> 

This was not for the shell, but for the homedir setting - to prevent a user logging on with key authentication (nowhere for the user to save a public key).

> 
> I prefere to have all users with valid shell, and act elsewhere (eg, in
> SSH in 'authorized-groups').
> 
> --
> dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66

Regards,

Roy


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba