SSH AllowGroups and LDAP authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/9/2010 5:36 AM, Allan Hougham wrote:
> Hi Patrick,
>
> What does "groups ahougham" show on that box? Is that user in an 
> allowed group?
>
> ahougham is a user in "Search" group
>
> I need anothe parameter or any adicional setting? do you have any 
> tutorial with this configuration and what parameters I need in PAM file?

I'm not sure multiple "AllowGroups" directives are allowed.

 From "man sshd_config":

      AllowGroups
              This keyword can be followed by a list of group name patterns,
              separated by spaces.

The way you have things set up, my guess is that it will only allow 
access to the "Question" group, since that line appears last and will 
probably overwrite all of the earlier ones.

>
>
> Thanks!
>
> Allan
>
> ------------------------------------------------------------------------
> Date: Mon, 8 Nov 2010 10:43:15 -0800
> From: patrick.morris at hp.com
> To: 389-users at lists.fedoraproject.org
> Subject: Re: SSH AllowGroups and LDAP authentication
>
> On 11/8/2010 8:56 AM, Allan Hougham wrote:
>
>     I need help with this issue, I setting sshd_config with
>     "AllowGroups" but I can?t authenticate with LDAP, the groups are
>     settings up, this is my configuration:
>     Do you have any tutorial or guide for setting ssh authentication
>     groups with LDAP?
>     This is the mistake, but the user ahougham is in "Search Group"
>
>     [root at ds03 log]# tail -f secure
>     Nov  6 04:09:33 ds03 sshd[7055]: User ahougham from 10.10.38.27
>     not allowed because none of user's groups are listed in AllowGroups
>
>
> Assuming your system is set up to use LDAP groups (usually via PAM, so 
> make sure SSH is configured to use PAM), you don't need to do anything 
> special to use AllowGroups.
>
> What does "groups ahougham" show on that box? Is that user in an 
> allowed group?
>
> -- 389 users mailing list 389-users at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/389-users 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20101109/9b4ee2ce/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux