11-04-2010, 04:03 PM   #1
Problem With Using pam_listfile and Secondary Group-memberships in Active Directory

Right now, I'm trying to push a large enterprise (several tens of thousands of users) into using centralized authentication for their growing population of RHEL 5.x servers. This enterprise is primarily Windows-based. I've got people interested in using winbind authentication. However, given the size of the operation, we can't just have anyone authenticatable through AD allowed to log into a system.

For some systems, use of the pam_winbind.conf would be sufficient. However, there are some systems that are shared by people in different AD groupings. So, I've been looking to leverage pam_listfile for that task. It looks like a good start, but seems to be falling down when I try to have it make its allow/deny decisions based on anything other than a user's primary AD group.

Given the complexity of the organizational structure in this enterprise, secondary group functionality is critical. I'm trying to determine if there's something I'm missing in my config or if my pam_listfile version is missing something.

RPM info for my pam subsystem is:

Name        : pam                          Relocations: (not relocatable)
Version     :                          Vendor: Red Hat, Inc.
Release     : 6.el5_4.1                     Build Date: Mon 08 Mar 2010 03:51:15 AM EST
Install Date: Wed 21 Jul 2010 03:22:41 PM EDT      Build Host:
Group       : System Environment/Base       Source RPM: pam-
Size        : 2541468                          License: GPL or BSD
Signature   : DSA/SHA1, Wed 10 Mar 2010 07:18:18 AM EST, Key ID 5326810137017186


active directory, authentication, crossplatform, pam, winbind
