[OpenIndiana-discuss] How to disable local/remote login, still allowing access to smb share?

Dmitry Kozhinov dima at desktopfay.com
Mon Oct 29 15:53:19 UTC 2012 

So the solution should be somewhere around PAM...

I would be happy if I could maintain a separate username/password 
database for smb/cifs shares, not related to OI users, but afraid this 
is not possible.

On 29.10.2012 21:46, Dan Swartzendruber wrote:
> Wrt /bin/false, I ran into such an exception: I installed freeradius on my
> ubuntu main server so my astaro gateway could authenticate people.  They
> already had accounts on that host for email - all of them using /bin/false.
> I naively tried to use the freeradius plugin "unix password" (not the right
> name, but the gist is accurate.)  freeradius would reject auth attempts due
> to 'invalid shell'.  I ended up using the pam plugin and all was well...
>
> -----Original Message-----
> From: Jan Owoc [mailto:jsowoc at gmail.com]
> Sent: Monday, October 29, 2012 11:24 AM
> To: Discussion list for OpenIndiana
> Subject: Re: [OpenIndiana-discuss] How to disable local/remote login, still
> allowing access to smb share?
>
> Hi Dmitry,
>
> On Mon, Oct 29, 2012 at 9:17 AM, Dmitry Kozhinov <dima at desktopfay.com>
> wrote:
>> I am still newbie to UNIX administration. Please advise. After setting
>> up a storage server (a number of smb shares, as described at
>> http://wiki.openindiana.org/oi/Using+OpenIndiana+as+a+storage+server),
>> I ended up having a number of users at my system, each one needed only
>> to access an smb share from a Windows client machine. How do I prevent
>> using these usernames/passwords to login locally or remotely to the
>> server, and only use them to access smb shares?
> I'm not a professional UNIX administrator, but the way I've seen it done is
> to set the logon shell for those users to "/bin/false". An alternative is
> "/usr/bin/passwd", so they can't get a logon shell, but they can "log on" to
> change their password. There are some things for which /bin/false doesn't
> work, but it might be enough for your needs [1].
>
> [1] http://www.semicomplete.com/articles/ssh-security/
>
> Jan
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>

More information about the OpenIndiana-discuss mailing list