Re: [389-users] SSH AllowGroups and LDAP authentication

Hi,

You can use pam_groupdn in /etc/ldap.conf to restrict which users have
access to a given workstation. Only the users who belong to a given
group will be able to log in, e.g.:

pam_groupdn                     cn=Allowed Workstation Login in bld 14,ou=Somewhere,dc=example,dc=com


@+


2010/11/15 Allan Hougham <allanhougham@xxxxxxxxxxx>:
> Hi,
>
> I need to authenticate LDAP groups, but I can't.
> Can anybody work with this feature? Or mapping users with groups and
> later configuring the LDAP client?
> What are the steps for setting up LDAP clients with LDAP groups?
>
> Thanks a lot!
>
>
> Allan
>
>
> ________________________________
> From: allanhougham@xxxxxxxxxxx
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Date: Tue, 9 Nov 2010 13:36:21 +0000
> Subject: Re: [389-users] SSH AllowGroups and LDAP authentication
>
> Hi Patrick,
>
> What does "groups ahougham" show on that box? Is that user in an allowed
> group?
>
> ahougham is a user in "Search" group
>
> Do I need another parameter or any additional setting? Do you have any tutorial
> with this configuration, and what parameters do I need in the PAM file?
>
>
> Thanks!
>
> Allan
>
> ________________________________
> Date: Mon, 8 Nov 2010 10:43:15 -0800
> From: patrick.morris@xxxxxx
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [389-users] SSH AllowGroups and LDAP authentication
>
> On 11/8/2010 8:56 AM, Allan Hougham wrote:
>
> I need help with this issue: I am setting sshd_config with "AllowGroups" but I
> can't authenticate with LDAP. The groups are set up; this is my
> configuration:
> Do you have any tutorial or guide for setting up SSH authentication groups with
> LDAP?
> This is the mistake, but the user ahougham is in "Search Group"
>
> [root@ds03 log]# tail -f secure
> Nov  6 04:09:33 ds03 sshd[7055]: User ahougham from 10.10.38.27 not allowed because none of user's groups are listed in AllowGroups
>
> Assuming your system is set up to use LDAP groups (usually via PAM, so make
> sure SSH is configured to use PAM), you don't need to do anything special to
> use AllowGroups.
>
> What does "groups ahougham" show on that box? Is that user in an allowed
> group?
>
> -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


