On Wed, 2009-12-02 at 14:20 +0100, Ralf Haferkamp wrote:
I see that the Ldap DN record will probably look like this:
CN=roropq,OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC
where CN= will obviously differ for all, but I think the rest will be the same. As you move to the left in the OU= list, the scope narrows. It is OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC that I want to restrict login to.
I understood. AFAIK this is currently not possible with winbind. I just learned however that you can restrict login based on groupmembership. Please have a look at the require_membership_of option for pam_winbind in the pam_winbind man-page. That way, if you put all the desired users into one group you could restrict login to be allowed only to members of that group.
Which begs the question:
How, in this context, do I put all users in the same group? I am not sure if I understand you problem. But I would use the Windows MMC to create a new group (e.g. linux-user) and make all the desired users members of
Am Mittwoch 02 Dezember 2009 14:51:33 schrieb Roger Oberholtzer: that group. Is there a problem with that? -- Ralf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org