There are a few ways. I found the best way is to specify pam_groupdb and pam_member_attribute. This allows you to create a simple LDAP object that says who can log into what system.

Edward

On Thu, May 29, 2008 at 5:40 AM, Bogdan Cehan <bogdan.cehan at mediaimage.ro> wrote:
> Let's say I have users: alex, tom, john, joe and bruce
> and the computers comp1, comp2 and comp3
>
> and in my LDAP I have the users on ou=People with posixaccount
> and three groups named after the computers like:
>
> cn=comp1,ou=Groups ....
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: comp1
> ou: groups
> description: People who can login on comp1
> uniqueMember: uid=alex,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=joe,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=bruce,ou=People,dc=pol,dc=mediaimage,dc=ro
> -----------------------------------------------------------------------------------------
>
> cn=comp2,ou=Groups ....
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: comp3
> ou: groups
> description: People who can login on comp2
> uniqueMember: uid=alex,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=tom,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=bruce,ou=People,dc=pol,dc=mediaimage,dc=ro
> -----------------------------------------------------------------------------------------
>
> cn=comp3,ou=Groups ....
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: comp3
> ou: groups
> description: People who can login on comp3
> uniqueMember: uid=john,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=joe,ou=People,dc=pol,dc=mediaimage,dc=ro
> uniqueMember: uid=bruce,ou=People,dc=pol,dc=mediaimage,dc=ro
> -----------------------------------------------------------------------------------------
>
> In this schema let's say that I want to be able to "permit" login access to
> the computers only to the people I have in their group
>
>> On Thu, May 29, 2008 at 10:41:16AM +0300, Bogdan Cehan wrote:
>> > Hello all
>> >
>> > I'm using the Fedora Directory Server for centralized authentication,
>> > and I have made users with posix account and I put them in ou=People
>> > like this:
>>
>> [snip]
>>
>> > now I want to restrict some users to servers based on groups but my
>> > pam_ldap does not help me to do that. I'm using my old friend
>> > "www.google.com" to help me in this problem but with no luck ..... all
>> > my users have access to this computer .... so, if I understand right,
>> > all I have to do is create users with posix account and after that create
>> > groups and put the users in that group but this does not work ..... any
>> > ideas? Anyone use FDS for what I intend to do?
>>
>> The pam_access module may help you do this depending on what you mean by
>> "restrict".
>>
>> > Thank you for your time .....
>> >
>> > Bogdan
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
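
How the two options named in the reply fit together on comp1, as an added example that is not part of the thread. pam_ldap spells the group option `pam_groupdn`; the file paths are assumed to be those of a Fedora or Red Hat client of that era, and `<suffix>` stands for the part of the group DN that the post elides.

```conf
# /etc/ldap.conf on comp1 (pam_ldap client configuration; path assumed)

# Only members of this one group entry pass pam_ldap's account check.
# <suffix> is a placeholder: the post elides the rest of the group DN.
pam_groupdn cn=comp1,ou=Groups,<suffix>

# Attribute on the group entry that holds the member DNs. The groups in
# the post are groupOfUniqueNames, so members are listed in uniqueMember.
pam_member_attribute uniqueMember

# /etc/pam.d/system-auth on comp1 (path assumed)
# The group test runs in the account phase, so pam_ldap has to be in the
# account stack; with pam_ldap only in the auth stack the group is never
# consulted. user_unknown=ignore lets local accounts that are not in LDAP
# fall through to the other account modules.
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
```

On comp2 and comp3 only the `pam_groupdn` value changes. The member values are compared as full DNs, so each `uniqueMember` has to match the user's entry DN under `ou=People`.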