Linux Archive


Nobody ist perfect 02-05-2010 09:38 AM

/etc/ldap.conf pam_filter
 
Hi,

We use an OpenLDAP server / Samba as domain controller for our
Windows/Linux workstations. On a specific server, login should only
be allowed if the particular user is a member of a group (let's call this
group "login"). All the users in the domain are members of the group
"Domain Users". Therefore their primary gid is not the login-group's gid.
How can I make the login depend on that login-group membership?

Thanks!

Toby

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Christoph Maser 02-05-2010 10:45 AM

/etc/ldap.conf pam_filter
 
On Friday, 05.02.2010, at 11:38 +0100, Nobody ist perfect wrote:
> Hi,
>
> We use an OpenLDAP server / Samba as domain controller for our
> Windows/Linux workstations. On a specific server, login should only
> be allowed if the particular user is a member of a group (let's call this
> group "login"). All the users in the domain are members of the group
> "Domain Users". Therefore their primary gid is not the login-group's gid.
> How can I make the login depend on that login-group membership?
>
> Thanks!
>
> Toby
>


If you use winbind you can use require_membership_of=
in /etc/security/pam_winbind.conf.

Chris


financial.com AG

Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany
Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender)
Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553

News Listener 02-10-2010 06:27 PM

/etc/ldap.conf pam_filter
 
Hi Chris,
Thanks,
you mean, replace ldap auth with winbind auth?

My scenario:
on one side, 1 smb server PDC with ldap;
on the other side, 1 Xorg-Server with auth over ldap, the same one as the first (smb).
I need to permit only users "membership_of" "Domain Users" to log in on the Xorg-Server.
Thanks


On 05.02.2010 at 12:45, Christoph Maser wrote:
> On Friday, 05.02.2010, at 11:38 +0100, Nobody ist perfect wrote:
>> Hi,
>>
>> We use an OpenLDAP server / Samba as domain controller for our
>> Windows/Linux workstations. On a specific server, login should only
>> be allowed if the particular user is a member of a group (let's call this
>> group "login"). All the users in the domain are members of the group
>> "Domain Users". Therefore their primary gid is not the login-group's gid.
>> How can I make the login depend on that login-group membership?
>>
>> Thanks!
>>
>> Toby
>>
>
>
> If you use winbind you can use require_membership_of=
> in /etc/security/pam_winbind.conf.
>
> Chris
>



Christoph Maser 02-11-2010 06:37 PM

/etc/ldap.conf pam_filter
 
On Wednesday, 10.02.2010, at 20:27 +0100, News Listener wrote:
> Hi Chris,
> Thanks,
> you mean, replace ldap auth with winbind auth?
>
> My scenario:
> on one side, 1 smb server PDC with ldap;
> on the other side, 1 Xorg-Server with auth over ldap, the same one as the first (smb).
> I need to permit only users "membership_of" "Domain Users" to log in on the Xorg-Server.
> Thanks
>

In that case look for pam_groupdn in ldap.conf

Chris


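The two mechanisms named in the replies above, written out as configuration. This is an added example, not part of the original thread; the base DN, the group DN and the domain name `EXAMPLE` are placeholders, and the `uniquemember` setting assumes the group entry lists its members as full DNs.

```conf
# Added example; base DN, group DN and domain name are placeholders.

# --- /etc/ldap.conf (pam_ldap) ---
# Only members of this group entry pass the pam_ldap account check.
pam_groupdn cn=login,ou=Groups,dc=example,dc=com
# Attribute of the group entry that is compared against the user's DN
# (assumption: the group stores full member DNs in this attribute).
pam_member_attribute uniquemember

# --- PAM stack of the service, e.g. /etc/pam.d/system-auth ---
# pam_groupdn is evaluated in the account phase, so pam_ldap must be
# called there, and no earlier "sufficient" account line may succeed
# first for LDAP users, or the group check is never reached.
account     required      pam_ldap.so

# --- /etc/security/pam_winbind.conf (winbind alternative) ---
[global]
# Group name (DOMAIN\group) or SID the authenticating user must belong to.
require_membership_of = EXAMPLE\login
```

After changing either file, confirm with one account inside the group and one outside it that only the first can log in, and keep an existing root session open while testing.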

