[SOLVED] Big problem, dont know where to look!

[st-evo]

Hi all, I have finally got one of our servers running smoothly, but I have just noticed that if you login via ssh as ANY domain user which as I really dont have to explain why this can be a sercurity risk.

I have a feeling its a samba problem, so I have locked the server down to access from the IT office only, but I would like to get this removed asap. I cannot remove samba either as we are using it for transparent / AD login via squid.

Im really at my wits end with this atm, Ive searched all over the net, all I want to know is how to turn off user creation via login / cut login down to a certain group in AD or one which is already on the server. Any ideas?

[st-evo]

I have found the problem with this, I couldnt find it anywhere on the internet, but the problem was with the nsswitch.conf, allowing the passwd to access winbind ment that it could pull accounts down from AD and create accounts on the box.

Removed, tested, restarted, tested and all working fine