On 11/9/2010 5:36 AM, Allan Hougham wrote:
Hi Patrick,
What does "groups ahougham" show on that box? Is that user in an
allowed group?
ahougham is a user in "Search" group
I need anothe parameter or any adicional setting? do you have any
tutorial with this configuration and what parameters I need in PAM
file?
I'm not sure multiple "AllowGroups" directives are allowed.
From "man sshd_config":
AllowGroups
This keyword can be followed by a list of group name
patterns,
separated by spaces.
The way you have things set up, my guess is that it will only allow
access to the "Question" group, since that line appears last and
will probably overwrite all of the earlier ones.
Thanks!
Allan
Date: Mon, 8 Nov 2010 10:43:15 -0800
From: patrick.morris@xxxxxx
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [389-users] SSH AllowGroups and LDAP authentication
On 11/8/2010 8:56 AM, Allan Hougham wrote:
I need help with this issue, I setting sshd_config with
"AllowGroups" but I can´t authenticate with LDAP, the groups are
settings up, this is my configuration:
Do you have any tutorial or guide for setting ssh authentication
groups with LDAP?
This is the mistake, but the user ahougham is in "Search Group"
[root@ds03 log]# tail -f secure
Nov 6 04:09:33 ds03 sshd[7055]: User ahougham from 10.10.38.27
not allowed because none of user's groups are listed in
AllowGroups
Assuming your system is set up to use LDAP groups (usually via
PAM, so make sure SSH is configured to use PAM), you don't need to
do anything special to use AllowGroups.
What does "groups ahougham" show on that box? Is that user in an
allowed group?
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
