8:09 a.m.
Hi
I did install 389 and LDAP authentication, what i need to do now is allow
access to users only to certain systems, I did checkout :
http://directory.fedoraproject.org/wiki/Howto:Posix#How_to_set_up_host_ba...
I tried the old method because I could not figure out the new method, I did
enable pam_check_host_attr "did not change any pam settings though" and I
have use_pam enabled in sshd_config, but the user was still able to logon
through SSH even though no hosts were listed in his attributes.
Please advice.
Regards
12:03 p.m.
On Mon, Mar 05, 2012 at 08:09:04 -0600, Ali Jawad wrote:
Hi
I did install 389 and LDAP authentication, what i need to do now is allow
access to users only to certain systems, I did checkout :
http://directory.fedoraproject.org/wiki/Howto:Posix#How_to_set_up_host_ba...
I tried the old method because I could not figure out the new method, I
did enable pam_check_host_attr "did not change any pam settings though"
and I have use_pam enabled in sshd_config, but the user was still able to
logon through SSH even though no hosts were listed in his attributes.
Please advice.
Regards
Hello,
What version of OpenSSH are you using and how did the user authenticate?
For example, did the user use publickey authentication instead of
password or challenge-response? Are you calling pam_ldap in the account
portion of your PAM stack? What do you see in the LDAP server's access
log when the user authenticates?
--
Iain Morgan
1:50 a.m.
Hi
The users are authenticating using their passwords, pam_ldap is being
called in /etc/pam.d/system-auth. Please see
cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
Openssh version is latest stable for CentOS 5.x which
is openssh-4.3p2-72.el5_7.5
As said ldap authentication using 389 dir server works fine, I just want to
limit access to certain hosts per user.
Thanks
On Mon, Mar 5, 2012 at 8:03 PM, Iain Morgan <Iain.Morgan(a)nasa.gov> wrote:
On Mon, Mar 05, 2012 at 08:09:04 -0600, Ali Jawad wrote:
> Hi
> I did install 389 and LDAP authentication, what i need to do now is
allow
> access to users only to certain systems, I did checkout :
>
http://directory.fedoraproject.org/wiki/Howto:Posix#How_to_set_up_host_ba...
> I tried the old method because I could not figure out the new method,
I
> did enable pam_check_host_attr "did not change any pam settings
though"
> and I have use_pam enabled in sshd_config, but the user was still
able to
> logon through SSH even though no hosts were listed in his attributes.
> Please advice.
> Regards
Hello,
What version of OpenSSH are you using and how did the user authenticate?
For example, did the user use publickey authentication instead of
password or challenge-response? Are you calling pam_ldap in the account
portion of your PAM stack? What do you see in the LDAP server's access
log when the user authenticates?
--
Iain Morgan
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*
4433
days inactive
4434
days old
389-users@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
Ali Jawad -
Iain Morgan