Old 12-23-2004, 05:22 AM   #1
Registered: Jun 2004
Location: London
Distribution: Red Hat, SuSE, Gentoo
Posts: 80

Rep: Reputation: 15
Limiting logins to server using pam_access

Hi all,

I'm trying to limit logins to users in a specific AD group, but I'm having some problems. If I use a local group (present in /etc/group) it works fine. If I use an AD group, it fails.

If I do getent group, I get the following relevant lines:

gdm is a local group, the others are AD groups.

If I do getent group gdm, I get the following:
If I do getent group testgroup

This is odd because in the getent group with no key, I see all of the groups I expect to, and all of the users that I expect to see in each group.

If I specify a group with getent group, I only see members when I examine a local group (e.g. gdm) and not when I examine an AD group (e.g. testgroup).

Now in /etc/security/access.conf if I have a line
waynep is still able to login. If I change that to
waynep is NOT able to login.

If I login as user waynep and do id, I get the following output:
uid=10002(waynep) gid=10002(waynep_unixgroup) groups=10002(waynep_unixgroup),42(gdm),10011(testgroup)

This implies that groups are _partly_ but not completely working, and I'm not sure where it's breaking down. Does anyone have any advice to resolve this, or possibly another way of limiting which AD users can log into which machine?
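The three commands compared in the post above (`getent group`, `getent group NAME` and `id`) reach the group database through different NSS calls, and a script can put their answers side by side for one user and group. This is an added example, not part of the original thread: the function names are hypothetical, and it assumes the access check reads the member list of the group looked up by name.

```python
import grp
import os
import pwd
import sys


def membership_views(user, group, getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam,
                     getgrall=grp.getgrall, getgrouplist=os.getgrouplist):
    """Ask three NSS paths whether `user` belongs to `group`.

    The lookup functions are parameters only so the check can be exercised
    with constructed entries; the defaults query the live system.
    """
    pw = getpwnam(user)
    try:
        keyed = getgrnam(group)        # same path as `getent group NAME`
    except KeyError:
        keyed = None
    # Same path as `getent group` with no key (full enumeration).
    listed = next((g for g in getgrall() if g.gr_name == group), None)
    entry = keyed or listed
    # Same path as `id`: the group list computed for the user.
    gids = getgrouplist(user, pw.pw_gid)
    return {
        "keyed": keyed is not None and user in keyed.gr_mem,
        "enumerated": listed is not None and user in listed.gr_mem,
        "initgroups": entry is not None and entry.gr_gid in gids,
    }


def diagnose(views):
    """Turn the three answers into a one-line finding."""
    if len(set(views.values())) == 1:
        return "consistent"
    if not views["keyed"]:
        # Assumption: the access check resolves the group by name and reads
        # its member list, so it sees what the keyed lookup returns.
        return "keyed lookup omits user"
    missing = [name for name, ok in views.items() if not ok]
    return "missing from: " + ", ".join(missing)


if __name__ == "__main__" and len(sys.argv) == 3:
    user, group = sys.argv[1], sys.argv[2]   # e.g. waynep testgroup
    views = membership_views(user, group)
    print(views, "->", diagnose(views))
```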

Old 12-23-2004, 10:01 AM   #2
Registered: Nov 2004
Location: BIOS
Distribution: RHEL3.0, FreeBSD 5.x, Debian 3.x, Solaris x86 v10
Posts: 379

Rep: Reputation: 30
You need netgroups I guess but not sure
Old 12-23-2004, 10:42 AM   #3
Registered: Jun 2004
Location: London
Distribution: Red Hat, SuSE, Gentoo
Posts: 80

Original Poster
Rep: Reputation: 15
Originally posted by nixcraft
You need netgroups I guess but not sure
Netgroups in AD?

