LinuxQuestions.org
11-04-2010, 04:03 PM   #1
ferricoxide
Problem With Using pam_listfile and Secondary Group-memberships in Active Directory


Right now, I'm trying to push a large enterprise (several tens of thousands of users) into using centralized authentication for their growing population of RHEL 5.x servers. This enterprise is primarily Windows based. I've got people interested in using the winbind authentication. However, given the size of the operation, we can't just have anyone authenticatable through AD allowed to log into a system.

For some systems, use of the pam_winbind.conf would be sufficient. However, there are some systems that are shared by people in different AD groupings. So, I've been looking to leverage pam_listfile for that task. It looks like a good start, but seems to be falling down when I try to have it make its allow/deny decisions based on anything other than a user's primary AD group.

Given the complexity of the organizational structure in this enterprise, secondary group functionality is critical. I'm trying to determine if there's something I'm missing in my config or if my pam_listfile version is missing something.

RPM info for my pam subsystem is:


Code:
Name        : pam                          Relocations: (not relocatable)
Version     : 0.99.6.2                          Vendor: Red Hat, Inc.
Release     : 6.el5_4.1                     Build Date: Mon 08 Mar 2010 03:51:15 AM EST
Install Date: Wed 21 Jul 2010 03:22:41 PM EDT      Build Host: x86-001.build.bos.redhat.com
Group       : System Environment/Base       Source RPM: pam-0.99.6.2-6.el5_4.1.src.rpm
Size        : 2541468                          License: GPL or BSD
Signature   : DSA/SHA1, Wed 10 Mar 2010 07:18:18 AM EST, Key ID 5326810137017186
 
  


Tags
active directory, authentication, crossplatform, pam, winbind
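A diagnostic for the symptom described in the post above, added here as an example and not part of the original thread: it lists the groups NSS reports for a user, marks each as primary or secondary, and shows which of them appear in the file that the pam_listfile line names. The function names, the list-file path and the exact whole-line name match are assumptions of this script, not a description of pam_listfile's internals.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post.
# Usage: sh check_groups.sh USER LISTFILE
#   LISTFILE is whatever file= names on the pam_listfile line (assumed: one group per line).

# Print each of a user's groups as "kind<TAB>name", one per line.
# GIDs are resolved one at a time so AD group names that contain spaces
# (e.g. "Domain Users") stay intact; `id -Gn` output would split them ambiguously.
user_groups() {
    user=$1
    pgid=$(id -g "$user") || return 1
    for gid in $(id -G "$user"); do
        name=$(getent group "$gid" | cut -d: -f1)
        [ -n "$name" ] || name="unresolved-gid-$gid"
        if [ "$gid" = "$pgid" ]; then kind=primary; else kind=secondary; fi
        printf '%s\t%s\n' "$kind" "$name"
    done
}

# Read "kind<TAB>name" lines on stdin and print those whose name is
# present as a complete line in the list file (fixed-string comparison).
match_listfile() {
    listfile=$1
    while IFS="$(printf '\t')" read -r kind name; do
        if grep -Fxq -- "$name" "$listfile"; then
            printf '%s\t%s\n' "$kind" "$name"
        fi
    done
}

# Summarise the matches: "primary", "secondary-only" or "none".
# "secondary-only" is the case the post reports as failing.
classify() {
    awk -F'\t' '$1 == "primary" { p = 1 } $1 == "secondary" { s = 1 }
        END { print (p ? "primary" : (s ? "secondary-only" : "none")) }'
}

if [ $# -ge 2 ]; then
    user_groups "$1" | match_listfile "$2"
    printf 'match type: %s\n' "$(user_groups "$1" | match_listfile "$2" | classify)"
fi
```

If `user_groups` shows no secondary groups at all for an AD account, the gap is in what winbind returns through NSS rather than in the PAM stack.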

