This is how I've done it:

Edit /etc/pam.d/sshd and uncomment

account  required     pam_access.so

Edit /etc/security/access.conf and add this line at the bottom:

-:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALL

The group can be an LDAP group. Users will still authenticate, but they will be immediately disconnected if they are not in the required group. The group needs to be a POSIX group (i.e. not groupOfNames or groupOfUniqueNames).

Hope that helps.

Philip



On 2 May 2013 09:46, Geo P.C. <pcgeopc@gmail.com> wrote:

By installing libnss-ldap we are able to integrate an Ubuntu server with LDAP (OpenLDAP), but we are unable to configure LDAP group-based authentication.

We need to configure it in such a way that only users from a particular group are able to log in.

Please let me know whether it is possible to configure this, and please send us the steps or a URL.

Thanks

Geo
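
The access.conf rule from the reply above can be checked before it is deployed. The following is an added example, not part of the original thread and not pam_access's own code: a simplified Python model of the rule evaluation (first matching line wins, no match means access is granted, `EXCEPT` inverts the rest of the list). The group name `sshusers`, the user names, and the origin address are constructed; netgroups, `user@host` entries, and network or `LOCAL` origins are not modelled.

```python
"""Simplified model of pam_access rule evaluation (added example)."""


def _token_matches(tok, user, groups):
    if tok == "ALL":
        return True
    if tok.startswith("(") and tok.endswith(")"):
        return tok[1:-1] in groups          # explicit (group) syntax
    return tok == user or tok in groups     # bare name: user first, then group


def _list_matches(tokens, match):
    """Match a whitespace-separated list, honouring 'a b EXCEPT c d'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, []
    if not any(match(t) for t in head):
        return False
    # A hit in the EXCEPT list cancels the match.
    return not (tail and _list_matches(tail, match))


def login_allowed(conf_text, user, groups, origin="192.0.2.10"):
    """Return True if the account check would let `user` in."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, who, origins = (f.strip() for f in line.split(":", 2))
        user_hit = _list_matches(who.split(), lambda t: _token_matches(t, user, groups))
        origin_hit = _list_matches(origins.split(), lambda t: t in ("ALL", origin))
        if user_hit and origin_hit:
            return perm == "+"              # first matching rule decides
    return True                             # no rule matched: access granted


# Constructed sample: the rule from the message, with the placeholder replaced
# by the hypothetical POSIX group "sshusers".
SAMPLE_CONF = """
# /etc/security/access.conf (constructed sample)
-:ALL EXCEPT root sysadmin ubuntu (sshusers):ALL
"""

if __name__ == "__main__":
    for user, groups in [("alice", {"alice", "sshusers"}),
                         ("bob", {"bob", "staff"}),
                         ("root", {"root"})]:
        verdict = "allowed" if login_allowed(SAMPLE_CONF, user, groups) else "denied"
        print(f"{user:6} groups={sorted(groups)} -> {verdict}")
```

Because an unmatched user is granted access by default, the deny rule has to be the catch-all `-:ALL EXCEPT ...` form shown in the reply; a lone `+:(sshusers):ALL` line would not lock anyone out.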