By installing libnss-ldap we are able to integrate an Ubuntu server with LDAP (OpenLDAP), but we are unable to configure LDAP group-based authentication.
We need to configure it in such a way that only users from a particular group can log in.
Please let me know whether it is possible to configure this, and please send us the steps or a URL.
Thanks
Geo
This is how I've done it:
Edit /etc/pam.d/sshd and uncomment
account required pam_access.so
Edit /etc/security/access.conf and add this line at the bottom:
-:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALL
The group can be an LDAP group. Users will still authenticate but they will be immediately disconnected if they are not in the required group. The group needs to be a POSIX group (i.e. not groupOfNames or groupOfUniqueNames).
Hope that helps.
Philip
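Added example (not part of the original thread): a shell check of the setup described in the message above, covering the PAM line, the access.conf rule, and whether the group and user resolve through NSS. The group name sshusers and user name alice in the usage comment are constructed placeholders; the two file paths are the ones named in the message.

```sh
#!/bin/sh
# Added example: checks for the pam_access setup described in the message above.
PAM_FILE=${PAM_FILE:-/etc/pam.d/sshd}
ACCESS_FILE=${ACCESS_FILE:-/etc/security/access.conf}

# 0 if the PAM file has an active (uncommented) pam_access account line.
pam_access_enabled() {
    grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access\.so' "$1"
}

# 0 if an active "-:ALL EXCEPT ..." rule in file $1 exempts group $2.
# pam_access writes group names in parentheses, e.g. (sshusers).
deny_rule_exempts_group() {
    grep -E '^[[:space:]]*-[[:space:]]*:[[:space:]]*ALL[[:space:]]+EXCEPT[[:space:]]' "$1" |
        grep -Fq "($2)"
}

# 0 if NSS can resolve the group. The message above says the group must be
# a POSIX group; this shows whether the system actually sees it.
group_resolves() {
    getent group "$1" >/dev/null 2>&1
}

# 0 if user $1 is a member of group $2 as the system sees it.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -Fxq "$2"
}

check() {  # $1 = label, remaining args = command to run
    label=$1; shift
    if "$@"; then echo "ok:   $label"; else echo "FAIL: $label"; return 1; fi
}

# report GROUP USER: run every check, return non-zero if any failed.
report() {
    rc=0
    check "pam_access active in $PAM_FILE" pam_access_enabled "$PAM_FILE" || rc=1
    check "deny rule exempts ($1) in $ACCESS_FILE" deny_rule_exempts_group "$ACCESS_FILE" "$1" || rc=1
    check "group $1 resolves through NSS" group_resolves "$1" || rc=1
    check "user $2 is a member of $1" user_in_group "$2" "$1" || rc=1
    return $rc
}

# Usage: sh check_ssh_group.sh sshusers alice   (constructed names)
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

Run it as root before closing your existing SSH session, so that a mistake in access.conf can still be corrected.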
Dear Philip
It's working perfectly fine. Thanks...
Thanks & Regards
Geo P.C.
www.geopc.co.cc
On Thu, 2 May 2013 14:16:55 +0530, "Geo P.C." pcgeopc@gmail.com wrote:
> By installing libnss-ldap we are able to integrate an Ubuntu server with LDAP (OpenLDAP), but we are unable to configure LDAP group-based authentication.
> We need to configure it in such a way that only users from a particular group can log in.
> Please let me know whether it is possible to configure this, and please send us the steps or a URL.
I think this is a question you should address to Ubuntu support.
-Dieter
openldap-technical@openldap.org