check winbind AD group memberships

[robert pearce]

ok i'll give it a go. We already have winbind working with the AD groups 
via getent group, and did indeed edit the nsswitch file, it's just that 
the pam_group documentation i saw was mentioning the groups needing to 
be in /etc/security/group.conf

thanks.


On 09/01/12 12:52, Jon Miller wrote:
> Although I haven't had to configure winbind against AD, I'm pretty
> sure you need to configure NSS to use winbind and afterwards you can
> use pam_group. That is, you should be able to add a "winbind" entry to
> your "group" entry on your /etc/nsswitch.conf as long as you have the
> associated libnss_winbind.so installed on your system.
>
> Ensure that you are properly seeing the groups (getent group) before
> returning to configuring PAM.
>
> -- Jon Miller
>
> On Mon, Jan 9, 2012 at 3:48 AM, robert pearce<robert.pearce at jdplc.com>  wrote:
>> When using linux winbind authentication against active directory, is there a
>> way to check membership of an AD group using pam ?
>>
>> As far as i know pam_group only checks against local groups.
>>
>> Any help would be appreciated.
>>
>> Thanks,
>> - R
>


This email is from JD Sports Fashion plc or one of its subsidiaries. The contents of this email and any attachments are confidential and are intended solely for the use of the intended recipient. The information in this email may not be used, copied or disclosed by any person other than the intended recipient. If you are not the intended recipient, please contact JD Sports Fashion plc at admin at jdplc.com, quoting the name of the sender and delete the message from your system.

Please note that neither JD Sports Fashion plc or the sender accepts any responsibility for viruses and it is your responsibility to scan the email and any attachments. No contracts may be concluded on behalf of JD Sports Fashion plc by email.

JD Sports Fashion plc - Registered in England No. 1888425. Registered Office: Hollinsbrook Way, Pilsworth, Bury, Lancashire, BL9 8RR.