LinuxQuestions.org
Old 12-23-2004, 05:22 AM   #1
Builder
Limiting logins to server using pam_access


Hi all,

I'm trying to limit logins to users in a specific AD group, but I'm having some problems. If I use a local group (present in /etc/group) it works fine. If I use an AD group, it fails.

If I do getent group, I get the following relevant lines:
gdm:x:42:waynep
testgroup:x:10011:waynep,testuser
waynep_unixgroup:x:10002:testuser

gdm is a local group, the others are AD groups.

If I do getent group gdm, I get the following:
gdm:x:42:waynep
If I do getent group testgroup
testgroup:x:10011:

This is odd because in the getent group with no key, I see all of the groups I expect to, and all of the users that I expect to see in each group.

If I specify a group with getent group, I only see members when I examine a local group (e.g. gdm) and not when I examine an AD group (e.g. testgroup).

Now in /etc/security/access.conf if I have a line
-:testgroup:ALL
waynep is still able to login. If I change that to
-:gdm:ALL
waynep is NOT able to login.

If I login as user waynep and do id, I get the following output:
uid=10002(waynep) gid=10002(waynep_unixgroup) groups=10002(waynep_unixgroup),42(gdm),10011(testgroup)

This implies that groups are _partly_ but not completely working, and I'm not sure where it's breaking down. Does anyone have any advice to resolve this, or possibly another way of limiting which AD users can log into which machine?

Thanks,
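
Added example, not part of the original thread: a POSIX shell helper that puts the three membership views from the post above side by side (enumerated `getent group`, keyed `getent group NAME`, and `id`) and flags the case where they disagree. The function names are made up for this illustration, and the sample input is the command output quoted in the post.

```shell
#!/bin/sh
# Added example (function names are made up for this illustration).
# Three views of "is USER in GROUP", as used in the post:
#   enum  : `getent group`       every group, members in field 4
#   keyed : `getent group NAME`  one group,   members in field 4
#   id    : `id USER`            groups a login session receives

# in_member_list USER GROUP   (group(5)-format lines on stdin)
in_member_list() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }'
}

# in_id_groups GROUP   (one line of `id` output on stdin)
in_id_groups() {
    sed -n -e 's/ context=.*$//' -e 's/.*groups=//p' | tr ',' '\n' |
        sed 's/^[0-9]*(\(.*\))$/\1/' | grep -qxF -- "$1"
}

# membership_report USER GROUP ENUM_TEXT KEYED_TEXT ID_TEXT
membership_report() {
    mr_e=no; mr_k=no; mr_i=no; mr_v=consistent
    if printf '%s\n' "$3" | in_member_list "$1" "$2"; then mr_e=yes; fi
    if printf '%s\n' "$4" | in_member_list "$1" "$2"; then mr_k=yes; fi
    if printf '%s\n' "$5" | in_id_groups "$2"; then mr_i=yes; fi
    mr_p=$(printf '%s\n' "$5" | sed -n 's/.* gid=[0-9]*(\([^)]*\)).*/\1/p')
    case "$mr_e$mr_k$mr_i" in
        yesyesyes|nonono) ;;
        *) mr_v=INCONSISTENT ;;
    esac
    # A primary group is normally absent from member lists; not a fault.
    if [ "$mr_p" = "$2" ] && [ "$mr_i" = yes ]; then mr_v=primary-group; fi
    echo "enum=$mr_e keyed=$mr_k id=$mr_i verdict=$mr_v"
}

# live_report USER GROUP: run the same comparison against this host's NSS.
live_report() {
    membership_report "$1" "$2" "$(getent group)" "$(getent group "$2")" "$(id "$1")"
}

# Sample input: the command output quoted in the first post.
POST_ENUM='gdm:x:42:waynep
testgroup:x:10011:waynep,testuser
waynep_unixgroup:x:10002:testuser'
POST_KEYED='testgroup:x:10011:'
POST_ID='uid=10002(waynep) gid=10002(waynep_unixgroup) groups=10002(waynep_unixgroup),42(gdm),10011(testgroup)'

membership_report waynep testgroup "$POST_ENUM" "$POST_KEYED" "$POST_ID"
```

On a real host, `live_report waynep testgroup` runs the same comparison against the configured NSS sources; an INCONSISTENT verdict for a group named in access.conf means a rule on that group may not match every member.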
 
Old 12-23-2004, 10:01 AM   #2
nixcraft
You need netgroups I guess, but not sure
 
Old 12-23-2004, 10:42 AM   #3
Builder
Original Poster
Quote:
Originally posted by nixcraft
You need netgroups I guess, but not sure
Netgroups in AD?
 
  


All times are GMT -5. The time now is 09:05 AM.
