Hi,
you can use pam_groupdn in /etc/ldap.conf to restrict the users having
access to a given workstation. Only the users who belong to a given
group will be able to log in, ex.:
pam_groupdn cn=Allowed Workstation Login in bld
14,ou=Somewhere,dc=example,dc=com
@+
2010/11/15 Allan Hougham <allanhougham(a)hotmail.com>:
Hi,
I need autenticate LDAPs Groups, but I can´t
Anybody can working with this feature? or mapping users with groups and
later configuring the LDAP Client?
What are the steps for setting LDAP Clients with LDAP Groups?
Thanks a lot!
Allan
________________________________
From: allanhougham(a)hotmail.com
To: 389-users(a)lists.fedoraproject.org
Date: Tue, 9 Nov 2010 13:36:21 +0000
Subject: Re: [389-users] SSH AllowGroups and LDAP authentication
Hi Patrick,
What does "groups ahougham" show on that box? Is that user in an allowed
group?
ahougham is a user in "Search" group
I need anothe parameter or any adicional setting? do you have any tutorial
with this configuration and what parameters I need in PAM file?
Thanks!
Allan
________________________________
Date: Mon, 8 Nov 2010 10:43:15 -0800
From: patrick.morris(a)hp.com
To: 389-users(a)lists.fedoraproject.org
Subject: Re: [389-users] SSH AllowGroups and LDAP authentication
On 11/8/2010 8:56 AM, Allan Hougham wrote:
I need help with this issue, I setting sshd_config with "AllowGroups" but I
can´t authenticate with LDAP, the groups are settings up, this is my
configuration:
Do you have any tutorial or guide for setting ssh authentication groups with
LDAP?
This is the mistake, but the user ahougham is in "Search Group"
[root@ds03 log]# tail -f secure
Nov 6 04:09:33 ds03 sshd[7055]: User ahougham from 10.10.38.27 not allowed
because none of user's groups are listed in AllowGroups
Assuming your system is set up to use LDAP groups (usually via PAM, so make
sure SSH is configured to use PAM), you don't need to do anything special to
use AllowGroups.
What does "groups ahougham" show on that box? Is that user in an allowed
group?
-- 389 users mailing list 389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users