On Thu, Jun 08, 2006 at 04:09:29PM -0400, Reese,Richard Stephen wrote:
>
>> Have you configured /etc/nsswitch.conf to look up active directory
>> groups (presumably via nss_ldap)?

>
> I have not configured LDAP for this task. I do have winbind configured
> though for Samba Authentication. Do I have to setup LDAP also to all
> group specification in the SSHD config?


sshd just uses getgrouplist() (or the equivalent getgrent() calls) to
determine which groups a given user is in. As long as the "groups"
part of nsswitch.conf is set up and works correctly then sshd should
be able to use it. (I have not used winbind so I'm not sure what steps
are required in order to do this, though.)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.