On Wed, 2009-12-02 at 11:52 +0100, Ralf Haferkamp wrote:
> I think you are mixing up a few things here. As far as I understood Roger, he was using the Windows Domain Membership YaST Module to join an openSUSE Client into a Windows AD Domain. That uses neither pam_ldap nor nss_ldap nor nss-ldapd. It is using winbindd (and its nss/pam modules), which is the preferred way to become a member in an Active Directory environment, as winbind knows much better how to handle some of the quirks and "features" of Active Directory than the generic ldap modules do.
I am indeed using SAMBA's winbind, as set up via YaST.
> As for the original question, I don't know exactly if/how it is possible to restrict login on certain hosts to certain users/groups with winbind. Probably one of our samba experts does. Lars?
I see that the LDAP DN record will probably look like this: CN=roropq,OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC where CN= will obviously differ for all, but I think the rest will be the same. As you move to the left in the OU= list, the scope narrows. It is OU=RST,OU=KAJ24,OU=MMA,OU=SYD,OU=SCC that I want to restrict login to. But how?

--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696