On Mon, Mar 05, 2012 at 08:09:04 -0600, Ali Jawad wrote: > Hi > I did install 389 and LDAP authentication, what i need to do now is allow > access to users only to certain systems, I did checkout : > http://directory.fedoraproject.org/wiki/Howto:Posix#How_to_set_up_host_based_access_control > I tried the old method because I could not figure out the new method, I > did enable pam_check_host_attr "did not change any pam settings though" > and I have use_pam enabled in sshd_config, but the user was still able to > logon through SSH even though no hosts were listed in his attributes. > Please advice. > Regards Hello, What version of OpenSSH are you using and how did the user authenticate? For example, did the user use publickey authentication instead of password or challenge-response? Are you calling pam_ldap in the account portion of your PAM stack? What do you see in the LDAP server's access log when the user authenticates? -- Iain Morgan -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
