This is how I've done it:
Edit /etc/pam.d/sshd and uncomment:
    account required pam_access.so
Edit /etc/security/access.conf and add this line at the bottom:
    -:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALL
The group can be an LDAP group. Users will still authenticate but they will be immediately disconnected if they are not in the required group. The group needs to be a POSIX group (i.e. not groupOfNames or groupOfUniqueNames).
Hope that helps.
Philip
On 2 May 2013 09:46, Geo P.C. pcgeopc@gmail.com wrote:
By installing libnss-ldap we are able to integrate an Ubuntu server with LDAP (OpenLDAP). But we are unable to configure LDAP group-based authentication.
We need to configure it in such a way that only users from a particular group can log in.
Please let me know whether it is possible to configure this, and please send us the steps or any URL.
Thanks
Geo
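
The access.conf rule from the reply above can be dry-run against sample accounts before sshd is touched. This is an added example, not part of the original thread and not pam_access code. It is a simplified model of the rule evaluation, and the group name "sshusers" and the accounts are constructed placeholders.

```python
# Simplified model of pam_access rule evaluation: ALL, EXCEPT, bare names and
# (group) tokens only. Origins other than ALL, user@host, @netgroup: not handled.

def _match(tokens, user, groups):
    """True if the user matches the token list, honouring EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match(tokens[:i], user, groups)
                and not _match(tokens[i + 1:], user, groups))
    for tok in tokens:
        if tok == "ALL" or tok == user:
            return True
        # "(name)" is a group; a bare name is also tried as a group (no nodefgroup).
        if tok.strip("()") in groups:
            return True
    return False

def access_allowed(conf_text, user, groups):
    """First matching rule decides; if no rule matches, access is granted."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if origins != "ALL":
            raise ValueError("origin matching is not modelled: " + line)
        if _match(users.split(), user, groups):
            return perm == "+"
    return True

# Constructed sample: "sshusers" is a placeholder for the real SSH group name.
ACCESS_CONF = """\
-:ALL EXCEPT root sysadmin ubuntu (sshusers):ALL
"""

# Constructed accounts: login name -> POSIX groups (what `id -Gn` would list).
ACCOUNTS = {
    "root": {"root"},
    "alice": {"alice", "sshusers"},
    "bob": {"bob", "staff"},
    "carol": {"carol", "ubuntu"},  # member of a group that is named "ubuntu"
}

def report(conf_text, accounts):
    return {u: access_allowed(conf_text, u, g) for u, g in accounts.items()}

if __name__ == "__main__":
    for user, ok in report(ACCESS_CONF, ACCOUNTS).items():
        print(f"{user:8} {'allowed' if ok else 'DENIED'}")
```

In this model carol is allowed because the bare name "ubuntu" also matches a group of that name. Writing groups in parentheses and enabling pam_access's nodefgroup option removes that ambiguity.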