LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-02-2011, 05:26 PM   #1
daisychick
Member
 
Registered: Nov 2006
Location: Texas
Distribution: ubuntu 12.04 LTS
Posts: 154

Rep: Reputation: 0
adding authenticated AD user to wheel


CentOS 5.5

so, I have this little bash wrapper that's supposed to control access (see below). I can login fine with my credentials but I am a domain admin. I created a test user that is only a member of domain users and added it to the wheel group.

wheel:x:10:root,testuser,galaxy

however, I can't login with it. It requests password and locks the user out after three wrong password per AD group policy. Suggestions?
Code:
#!/bin/sh

# This script restricts shell access to privileged users. The "template shell"
# option in the '/etc/samba/smb.conf' file should be set to call this wrapper.

# Get group memberships for this user.
BFN_ID=$(/usr/bin/id)

# Grant shell access to users that are in the local wheel group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(wheel\)' > /dev/null
then
exec /bin/bash --login "$@"
fi

# Grant shell access to users that are in the domain administrators group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(domain\ admins\)' > /dev/null
then
exec /bin/bash --login "$@"
fi

# Else print a notice and just exit.
echo "Shell access to this computer is disabled."

# eof
 
Old 12-03-2011, 04:03 AM   #2
War3zWad|0
Member
 
Registered: Sep 2011
Location: Houston, TX
Distribution: openSuSE, Fedora, CentOS, Debian,, and others
Posts: 84

Rep: Reputation: Disabled
You should not need to use the wrapper for this access. Make sure that you have added the correct ACL rules for Reading and Authenticating against the LDAP database. I know that I missed this step several times when I first started working with LDAP.

Assuming that you have all the correct ACL rules setup check the logs for any kind of indication as to why Authentication failed. Depending on how you have your LDAP configured you may want to look into 389DS which is a RHEL based LDAP GUI that if I remember correctly has a "User Guide" for some of the basics.


I personally use SUSE Linux for my LDAP setup and once I had the right ACL rules in place I didn't have a problem. At first I couldn't figure out how to allow users to authenticate against the LDAP Server. The 2 ACL rules that I can remember off the top of my head that are needed were as follows:
Code:
everyone can authenticate
authenticated users can read all
I know I added 2 other rules. One had to do with authenticated dn, unfortunately my LDAP box is in storage and is not readily available. However if needed I can setup an VPS with LDAP to provide some pointers. I originally learned LDAP for a CDC competition.

Last edited by War3zWad|0; 12-03-2011 at 04:11 AM. Reason: forgot to mention...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating certificate authenticated user elmidwill Linux - Newbie 1 08-20-2010 12:08 AM
How do I access the Authenticated User in Apache anubis-android Linux - General 1 03-20-2008 07:00 PM
Wanted: Spam filter to bounce authenticated mail to authenticated address Wassercrats Linux - Software 4 11-08-2007 07:56 PM
adding user to wheel group tied2 *BSD 10 09-28-2007 05:22 AM
Adding an AD authenticated user to the "wheel" group on Red Hat ES kram82 Linux - Security 3 06-22-2006 08:50 AM


All times are GMT -5. The time now is 11:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration