Either one, I only want people from the group to be able to access the server. Thanks -Troy ----- Original Message ----- From: "mups.cp" <mups.cp@xxxxxxxxx> Date: Wednesday, October 10, 2007 6:33 pm Subject: Re: ldap authorization To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx> > When you say connect you refer to local or remotely? > > > On 10/10/07, Troy Knabe <knabe@xxxxxxxxxxx> wrote: > > # Group to enforce membership of > > pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com ## Yes, I > replaced> this with my basedn) > > > > # Group member attribute > > pam_member_attribute uniquemember > > > > > > I am the only member of the group, and uniqueMember is the > attribute.> > > -Troy > > > > Esquivel, Vicente wrote: > > > For me I only had to make sure that the correct > pam_member_attribute was > > > set inside the ldap.conf file. > > > > > > Vince > > > > > >> -----Original Message----- > > >> From: redhat-list-bounces@xxxxxxxxxx > > >> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Knabe > > >> Sent: Wednesday, October 10, 2007 4:35 PM > > >> To: General Red Hat Linux discussion list > > >> Subject: RE: ldap authorization > > >> > > >> So I have done this and restarted nscd and even rebooted, but > > >> still everyone with an account can access the server. > What I > > >> am I missing? > > >> > > >> -Troy > > >> > > >> > > >> -----Original Message----- > > >> From: redhat-list-bounces@xxxxxxxxxx > > >> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp > > >> Sent: Wednesday, October 10, 2007 12:40 PM > > >> To: General Red Hat Linux discussion list > > >> Subject: Re: ldap authorization > > >> > > >> First create a groupOfUniqueNames objectClass in your ldap > > >> and set uniqueMember with the full dn for those users that > > >> should be allowed access. > > >> In /etc/ldap.conf > > >> pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com > > >> Where unixusers is the group with the groupOfUniqueNames > > >> objectClass you defined before. > > >> > > >> > > >> On 10/10/07, Esquivel, Vicente <Esquivelv@xxxxxxx> wrote: > > >>> I have much interest on how to get pam_groupdn to work > > >> because I have > > >>> been battling with it for a few days now with not hope in sight. > > >>> > > >>> Vince > > >>> > > >>>> -----Original Message----- > > >>>> From: redhat-list-bounces@xxxxxxxxxx > > >>>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp > > >>>> Sent: Wednesday, October 10, 2007 2:30 PM > > >>>> To: General Red Hat Linux discussion list > > >>>> Subject: Re: ldap authorization > > >>>> > > >>>> You coud use the pam_groupdn option. > > >>>> > > >>>> On 10/10/07, Troy Knabe <knabe@xxxxxxxxxxx> wrote: > > >>>>> I am using Kerberos for authentication and ldap for > > >>>> authorization. But I want to limit the ldap users who > > >> can login to > > >>>> the server to a specific group. > > >>>>> > > >>>>> > > >>>>> Anyone have any perls of wisdom on what needs to be added > > >>>> to the ldap.conf??? > > >>>>> > > >>>>> > > >>>>> Thanks > > >>>>> > > >>>>> -Troy > > >>>>> > > >>>>> > > >>>>> > > >>>>> -- > > >>>>> redhat-list mailing list > > >>>>> unsubscribe > > >>>> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > >>>>> https://www.redhat.com/mailman/listinfo/redhat-list > > >>>>> > > >>>> -- > > >>>> redhat-list mailing list > > >>>> unsubscribe > > >>>> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > >>>> https://www.redhat.com/mailman/listinfo/redhat-list > > >>>> > > >>> -- > > >>> redhat-list mailing list > > >>> unsubscribe > > >> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > >>> https://www.redhat.com/mailman/listinfo/redhat-list > > >>> > > >> -- > > >> redhat-list mailing list > > >> unsubscribe mailto:redhat-list- > request@xxxxxxxxxx?subject=unsubscribe> >> > https://www.redhat.com/mailman/listinfo/redhat-list > > >> > > >> -- > > >> redhat-list mailing list > > >> unsubscribe mailto:redhat-list- > request@xxxxxxxxxx?subject=unsubscribe> >> > https://www.redhat.com/mailman/listinfo/redhat-list > > >> > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list- > request@xxxxxxxxxx?subject=unsubscribe> > https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Troy Knabe Senior Systems Administrator Computing and Information Services 4J School District knabe@xxxxxxxxxxx Ph: 541.687.3587 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
