Oh the humanity! Configuring chrooted sftp always seems like a chore when you combine it with an outside authentication source like winbind or pbis (Power Broker Identity Services).
Configuring /etc/ssh/sshd_config is straightforward. All you need to change is:
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP
But I kept seeing errors in /var/log/secure that said users were denied access because they are not in the ‘require membership of’ list, along with [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user][error code:40158]
I finally figured out that you can adjust this so that they are allowed by running the following commands (you need to be root or have sudo access):
/opt/pbis/bin/config --list
/opt/pbis/bin/config --details RequireMembershipOf
/opt/pbis/bin/config RequireMembershipOf "domain.local\\account1" "domain.local\\user2"
Just don’t change something major like
sudo /opt/pbis/bin/config AssumeDefaultDomain true
That will just lock you out.
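To see which domain logins are hitting the pam_lsass denial before changing RequireMembershipOf, the error lines can be tallied per login. This is an added example, not part of the original post; the function names are hypothetical, and the syslog prefix, host name and addresses in the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count PBIS pam_lsass denials (error code 40158) per login.

# Constructed sample lines; the syslog prefix (date, host, sshd[pid]) is assumed.
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 sftp01 sshd[2101]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user][error code:40158]
Mar  3 10:02:40 sftp01 sshd[2117]: Accepted password for localadmin from 192.0.2.10 port 50122 ssh2
Mar  3 10:05:03 sftp01 sshd[2130]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\account1][error code:40158]
Mar  3 10:09:55 sftp01 sshd[2144]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:domain.local\user][error code:40158]
EOF
}

# pbis_denied_logins FILE
# Prints "COUNT LOGIN" for each denied login, most frequent first.
# Steps: keep pam_lsass authenticate errors with code 40158, extract the text
# between "[login:" and the next "]", count duplicates, then strip the
# padding that uniq -c puts in front of the count.
pbis_denied_logins() {
    grep -F 'pam_sm_authenticate error' "$1" |
        grep -F '[error code:40158]' |
        sed -n 's/.*\[login:\([^]]*\)].*/\1/p' |
        sort | uniq -c | sort -rn |
        sed 's/^ *//'
}

# Stand-alone use: pass a log path, or run with no argument for the sample.
if [ $# -gt 0 ]; then
    pbis_denied_logins "$1"
else
    tmp=$(mktemp) && sample_log > "$tmp" && pbis_denied_logins "$tmp"
    rm -f "$tmp"
fi
```

Run it as root against /var/log/secure and compare the result with the output of /opt/pbis/bin/config --details RequireMembershipOf before adding any account to the list.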