PAM question

Using SUSE 11 SP3 for VMware

Samba/winbind: I have followed several examples about how to set up a Samba share using AD authentication but not allowing AD users the ability to log in by any means. I have set up the Samba share with the AD users explicitly set in the samba.conf. Then I would go into /etc/pam.d/common-auth and add after “auth required use_first_pass” require_membership_of=[sid of domain admins] and this works, except!!
The top of common-auth states: "# This file is autogenerated by pam-config. All changes will be overwritten", and they are.

So where would I set require_membership_of= to restrict login capabilities? Or is there a way to prevent pam-config from overriding any changes, or is there a way to set them in pam-config?


Well, no one else has offered an answer yet, so I’m going to suggest one approach you could take: make /etc/pam.d/common-auth a file rather than a symlink to /etc/pam.d/common-auth-pc. That way pam-config won’t change it.

$ cd /etc/pam.d/
$ unlink common-auth
$ grep -v ^# common-auth-pc > common-auth
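One way to check that the restriction is still in place after the steps suggested above, as an added example that is not part of the original posts. The function names `audit_common_auth` and `detach_common_auth`, the `.bak` backup name and the SID are assumptions made for illustration, and the sample PAM lines are constructed.

```bash
#!/bin/bash
# Added example. Pass the PAM directory as $1 so it can run against a copy.

# Print one status word for common-auth in directory $1:
#   symlink       still a link to the pam-config generated file
#   missing       no common-auth file
#   no-winbind    no auth line loads pam_winbind.so
#   unrestricted  a pam_winbind.so auth line lacks require_membership_of=
#   ok            regular file, every pam_winbind.so auth line is restricted
audit_common_auth() {
    local f="$1/common-auth" line found=0
    [ -L "$f" ] && { echo symlink; return 1; }
    [ -f "$f" ] || { echo missing; return 1; }
    while IFS= read -r line; do
        # Comment lines never match: the pattern needs "auth" as first token.
        if printf '%s\n' "$line" | grep -Eq '^[[:space:]]*auth[[:space:]].*pam_winbind\.so'; then
            found=1
            printf '%s\n' "$line" | grep -q 'require_membership_of=[^[:space:]]' \
                || { echo unrestricted; return 1; }
        fi
    done < "$f"
    [ "$found" -eq 1 ] || { echo no-winbind; return 1; }
    echo ok
}

# The answer's steps, keeping a backup of the generated file first.
detach_common_auth() {
    local d="$1"
    [ -L "$d/common-auth" ] || return 0   # already a regular file
    cp -p "$d/common-auth-pc" "$d/common-auth-pc.bak" &&
        unlink "$d/common-auth" &&
        grep -v '^#' "$d/common-auth-pc" > "$d/common-auth"
}

# Constructed sample in a scratch directory, not the real /etc/pam.d.
demo=$(mktemp -d)
printf '%s\n' '# This file is autogenerated by pam-config.' \
    'auth required pam_env.so' \
    'auth required pam_winbind.so use_first_pass' > "$demo/common-auth-pc"
ln -s common-auth-pc "$demo/common-auth"
audit_common_auth "$demo" || true
detach_common_auth "$demo"
audit_common_auth "$demo" || true
# Add the restriction (constructed SID) and audit again.
sed -i 's/use_first_pass$/& require_membership_of=S-1-5-21-1111-2222-3333-512/' "$demo/common-auth"
audit_common_auth "$demo"
```

Run from cron or a configuration-management check against /etc/pam.d, a result other than `ok` flags that the login restriction has been lost.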