LinuxQuestions.org
Old 12-02-2011, 04:26 PM   #1
daisychick
Member
 
Registered: Nov 2006
Location: Texas
Distribution: ubuntu 12.04 LTS
Posts: 154

Rep: Reputation: 0
adding authenticated AD user to wheel


CentOS 5.5

So, I have this little bash wrapper that's supposed to control access (see below). I can log in fine with my credentials, but I am a domain admin. I created a test user that is only a member of domain users and added it to the wheel group.

wheel:x:10:root,testuser,galaxy

However, I can't log in with it. It requests a password and locks the user out after three wrong passwords per AD group policy. Suggestions?
Code:
#!/bin/sh

# This script restricts shell access to privileged users. The "template shell"
# option in the '/etc/samba/smb.conf' file should be set to call this wrapper.

# Get group memberships for this user.
BFN_ID=$(/usr/bin/id)

# Grant shell access to users that are in the local wheel group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(wheel\)' > /dev/null
then
exec /bin/bash --login "$@"
fi

# Grant shell access to users that are in the domain administrators group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(domain\ admins\)' > /dev/null
then
exec /bin/bash --login "$@"
fi

# Else print a notice and exit non-zero so the caller sees the refusal
# (without an explicit exit the script returns 0 after the echo).
echo "Shell access to this computer is disabled."
exit 1

# eof
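A stricter variant of the same wrapper idea, added here as an example; it is not part of daisychick's post. It assumes that a domain group may show up in `id` output with a winbind prefix such as `EXAMPLE\domain admins` or `EXAMPLE+domain admins` (the character is set by `winbind separator` in smb.conf), and the install name `bfn_shell_wrapper` is arbitrary. Instead of matching a regex fragment, it takes whole group names from the parenthesised fields of `id` (stripping the SELinux `context=` tail that CentOS appends), compares them case-insensitively, logs every refusal through `logger`, and exits non-zero. The sample `id` lines are constructed for offline checking.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions (not in the original):
#  - a domain group may be prefixed "DOMAIN\" or "DOMAIN+" by winbind;
#  - "bfn_shell_wrapper" is an arbitrary install name chosen for the example.

# Print one group name per line from a full `id` output line.
# SELinux systems append " context=..." to the line; strip it first.
bfn_group_names() {
    printf '%s\n' "$1" \
      | sed -e 's/ context=.*$//' -e 's/^.*groups=//' \
      | tr ',' '\n' \
      | sed -e 's/^[0-9]*(\(.*\))$/\1/'
}

# Read group names on stdin; succeed if one equals $1 exactly (case-insensitive).
bfn_has_group() {
    grep -qix -e "$1"
}

# Same, but also accept a winbind "DOMAIN\name" or "DOMAIN+name" form.
bfn_has_domain_group() {
    grep -qix -e "$1" -e "[^\\+]*[\\+]$1"
}

# Policy: shell access for members of local wheel or the domain admins group.
# $1 is the output of `id`; returns 0 (allow) or 1 (deny).
bfn_shell_allowed() {
    names=$(bfn_group_names "$1")
    printf '%s\n' "$names" | bfn_has_group 'wheel' && return 0
    printf '%s\n' "$names" | bfn_has_domain_group 'domain admins' && return 0
    return 1
}

# Constructed `id` output lines for offline checking (not from a real host).
SAMPLE_WHEEL='uid=10001(testuser) gid=10000(domain users) groups=10000(domain users),10(wheel)'
SAMPLE_ADMIN='uid=10002(admin1) gid=10000(domain users) groups=10000(domain users),10512(EXAMPLE\domain admins) context=user_u:system_r:unconfined_t'
SAMPLE_PLAIN='uid=10003(bob) gid=10000(domain users) groups=10000(domain users)'

# Entry point for the installed wrapper: decide, log a denial, exit non-zero.
bfn_main() {
    if bfn_shell_allowed "$(/usr/bin/id)"; then
        exec /bin/bash --login "$@"
    fi
    /usr/bin/logger -t bfn_shell -p auth.warning "shell access denied for $(/usr/bin/id -un)"
    echo "Shell access to this computer is disabled."
    exit 1
}

# Only act as a login shell when installed under the assumed name, so the
# functions above can also be sourced and checked without exec'ing a shell.
case "$0" in
    *bfn_shell_wrapper) bfn_main "$@" ;;
esac
```

Because the policy lives in `bfn_shell_allowed`, it can be exercised with a captured `id` line before the script is set as the `template shell`; the denial goes to the auth log facility so refused logins are visible alongside the PAM messages for the same session.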
 
Old 12-03-2011, 03:03 AM   #2
War3zWad|0
Member
 
Registered: Sep 2011
Location: Houston, TX
Distribution: openSuSE, Fedora, CentOS, Debian, and others
Posts: 84

Rep: Reputation: Disabled
You should not need to use the wrapper for this access. Make sure that you have added the correct ACL rules for reading and authenticating against the LDAP database. I know that I missed this step several times when I first started working with LDAP.

Assuming that you have all the correct ACL rules set up, check the logs for any kind of indication as to why authentication failed. Depending on how you have your LDAP configured, you may want to look into 389DS, which is a RHEL-based LDAP GUI that, if I remember correctly, has a "User Guide" for some of the basics.


I personally use SUSE Linux for my LDAP setup, and once I had the right ACL rules in place I didn't have a problem. At first I couldn't figure out how to allow users to authenticate against the LDAP server. The 2 ACL rules that I can remember off the top of my head that are needed were as follows:
Code:
everyone can authenticate
authenticated users can read all
I know I added 2 other rules. One had to do with authenticated dn; unfortunately, my LDAP box is in storage and is not readily available. However, if needed I can set up a VPS with LDAP to provide some pointers. I originally learned LDAP for a CDC competition.

Last edited by War3zWad|0; 12-03-2011 at 03:11 AM. Reason: forgot to mention...
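The two rules quoted above are YaST's wording; written out as OpenLDAP `slapd.conf` access directives they look like the following. This is an added example, not War3zWad|0's configuration, and the suffix `dc=example,dc=com` is assumed.

```conf
# Added example: slapd.conf equivalents of "everyone can authenticate" and
# "authenticated users can read all". Suffix dc=example,dc=com is assumed.

# Anyone may bind with their password, but nobody can read the hash back.
# This rule must come before the catch-all below, or the second rule would
# expose userPassword to every authenticated user.
access to attrs=userPassword
        by anonymous auth
        by * none

# Authenticated users can read everything else; anonymous binds get nothing.
access to dn.subtree="dc=example,dc=com"
        by users read
        by * none
```

Order matters: slapd applies the first `access to` clause whose target matches, so the narrower `userPassword` rule has to precede the subtree rule. Sites that want users to change their own password usually add `by self write` as the first `by` line of the password rule.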