I have not configured LDAP for this task. I do have winbind configured
though for Samba Authentication. Do I have to set up LDAP also to allow
group specification in the SSHD config?

-----Original Message-----
From: Darren Tucker [mailto:dtucker@zip.com.au]
Sent: Friday, June 02, 2006 10:26 PM
To: Reese,Richard Stephen
Cc: secureshell@securityfocus.com
Subject: Re: AllowGroups (SSHD) not working with kerberos or winbind

Reese,Richard Stephen wrote:
> I'm trying to allow a specific group in our Active Directory Domain to
> ssh into a server (openssh-server-3.9p1-8.RHEL4.12) we have. If the
> line is commented out then it works fine, but any user in our domain
> may login if they have an account on the system. When the directive is
> uncommented to become active no user can login.
> I can view users and groups using wbinfo -u or -g. Any

Have you configured /etc/nsswitch.conf to look up active directory
groups (presumably via nss_ldap)?

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
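
The nsswitch.conf question raised in this thread can be checked mechanically. The script below is an added example, not part of the thread and not OpenSSH code; it assumes a glibc-style nsswitch.conf and that sshd resolves group membership through NSS, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: sshd only sees groups the system resolves through
# NSS, so these checks look at the "group" line and at NSS group membership.

# Print the sources listed for one NSS database in an nsswitch.conf-style file.
nss_sources() {  # $1 = database (e.g. group), $2 = file
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$2" |
        awk -v db="$1:" '$1 == db { for (i = 2; i <= NF; i++) print $i }'
}

# 0 if the group database consults winbind or ldap, 1 if it does not.
group_db_has_directory_source() {  # $1 = file
    for src in $(nss_sources group "$1"); do
        case "$src" in winbind|ldap) return 0 ;; esac
    done
    return 1
}

# 0 = member, 1 = not a member, 2 = group name does not resolve through NSS.
# Compares numeric GIDs so group names containing spaces are handled.
user_in_group() {  # $1 = user, $2 = group name
    gid=$(getent group "$2" 2>/dev/null | cut -d: -f3)
    [ -n "$gid" ] || return 2
    for g in $(id -G "$1" 2>/dev/null); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}

# Constructed sample files (not from the thread): files-only and with winbind.
SAMPLE_DIR=$(mktemp -d)
printf 'passwd: files\ngroup:  files   # local groups only\n' > "$SAMPLE_DIR/files_only"
printf 'passwd: files winbind\ngroup: files [NOTFOUND=continue] winbind\n' > "$SAMPLE_DIR/with_winbind"

for f in files_only with_winbind; do
    if group_db_has_directory_source "$SAMPLE_DIR/$f"; then
        echo "$f: group lookups reach the directory"
    else
        echo "$f: group lookups are local only; AllowGroups cannot match AD groups"
    fi
done
```

On a real host, point `group_db_has_directory_source` at /etc/nsswitch.conf and call `user_in_group` with an actual user and the group named in AllowGroups; a return code of 2 means the group name itself is not visible through NSS.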