Old 12-02-2011, 04:26 PM   #1
Registered: Nov 2006
Location: Texas
Distribution: ubuntu 12.04 LTS
Posts: 154

Rep: Reputation: 0
adding authenticated AD user to wheel

CentOS 5.5

So, I have this little bash wrapper that's supposed to control access (see below). I can log in fine with my credentials, but I am a domain admin. I created a test user that is only a member of domain users and added it to the wheel group.

However, I can't log in with it. It requests a password and locks the user out after three wrong passwords, per AD group policy. Suggestions?

#!/bin/bash
# This script restricts shell access to privileged users. The "template shell"
# option in the '/etc/samba/smb.conf' file should be set to call this wrapper.

# Get group memberships for this user (the assignment is missing from the post;
# the patterns below expect the output format of id).
BFN_ID=$(/usr/bin/id)

# Grant shell access to users that are in the local wheel group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(wheel\)' > /dev/null
then
    exec /bin/bash --login "$@"
fi

# Grant shell access to users that are in the domain administrators group.
if /bin/echo "$BFN_ID" | /bin/grep -P '[=,][0-9]{1,8}\(domain\ admins\)' > /dev/null
then
    exec /bin/bash --login "$@"
fi

# Else print a notice and just exit.
echo "Shell access to this computer is disabled."
exit 1

# eof
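
An added example, not part of the original post: a way to see what the wrapper's group check decides for a given line of `id` output, next to a stricter check that reads only the `groups=` field. The function names and the sample `id` lines are constructed for illustration, and the stricter check is a variant, not the poster's code.

```bash
#!/bin/bash
# Added example: function names and the sample id lines are constructed.

# The post's pattern for one group name, run with grep -E for portability
# (this pattern has the same meaning under -E as under -P).
post_pattern_matches() {    # $1 = id output, $2 = group name
    printf '%s\n' "$1" | grep -E "[=,][0-9]{1,8}\($2\)" > /dev/null
}

# Stricter variant: keep only the groups= field, so uid= and gid= cannot
# satisfy the check, and drop a trailing SELinux context= field if present.
groups_field() {            # $1 = id output
    printf '%s\n' "$1" | sed -n 's/^.*[[:space:]]groups=//p' | sed 's/ context=.*$//'
}

# True if $2 is a whole "NNN(name)" entry in the groups= field of $1.
in_group() {
    case ",$(groups_field "$1")," in
        *[0-9]"($2),"*) return 0 ;;
        *) return 1 ;;
    esac
}

shell_allowed() {           # same two groups as the wrapper
    in_group "$1" "wheel" || in_group "$1" "domain admins"
}

report() {                  # show both decisions for one id line
    local post=deny strict=deny
    if post_pattern_matches "$1" "wheel" ||
       post_pattern_matches "$1" "domain admins"; then post=allow; fi
    if shell_allowed "$1"; then strict=allow; fi
    printf 'post=%s strict=%s  %s\n' "$post" "$strict" "$1"
}

# Constructed samples: local wheel member, plain domain user, domain admin
# whose mapped gid has more than 8 digits, and an account named "wheel".
WHEEL_USER='uid=500(alice) gid=500(alice) groups=500(alice),10(wheel)'
DOMAIN_USER='uid=16777216(testuser) gid=16777220(domain users) groups=16777220(domain users)'
BIG_GID_ADMIN='uid=1000000500(bob) gid=1000000513(domain users) groups=1000000513(domain users),1000000512(domain admins)'
NAME_IN_UID='uid=501(wheel) gid=501(staff) groups=501(staff)'

for s in "$WHEEL_USER" "$DOMAIN_USER" "$BIG_GID_ADMIN" "$NAME_IN_UID"; do
    report "$s"
done
```

On the host itself, `report "$(id testuser)"` (with `testuser` standing in for the account being debugged) shows whether the group the wrapper looks for is present in what `id` returns for that account.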
Old 12-03-2011, 03:03 AM   #2
Registered: Sep 2011
Location: Houston, TX
Distribution: openSuSE, Fedora, CentOS, Debian, and others
Posts: 84

Rep: Reputation: Disabled
You should not need to use the wrapper for this access. Make sure that you have added the correct ACL rules for Reading and Authenticating against the LDAP database. I know that I missed this step several times when I first started working with LDAP.

Assuming that you have all the correct ACL rules set up, check the logs for any kind of indication as to why Authentication failed. Depending on how you have your LDAP configured, you may want to look into 389DS, which is a RHEL based LDAP GUI that, if I remember correctly, has a "User Guide" for some of the basics.

I personally use SUSE Linux for my LDAP setup and once I had the right ACL rules in place I didn't have a problem. At first I couldn't figure out how to allow users to authenticate against the LDAP Server. The 2 ACL rules that I can remember off the top of my head that are needed were as follows:
everyone can authenticate
authenticated users can read all
I know I added 2 other rules. One had to do with authenticated dn; unfortunately, my LDAP box is in storage and is not readily available. However, if needed I can set up a VPS with LDAP to provide some pointers. I originally learned LDAP for a CDC competition.

Last edited by War3zWad|0; 12-03-2011 at 03:11 AM. Reason: forgot to mention...


All times are GMT -5.