06-12-2018, 08:09 AM   #1
AD service account SSH to CentOS without 2FA

I have a Windows 2012 AD server, and all of the Linux computers (CentOS) are joined to AD.

Recently, Quest Defender 2FA has been activated, so all the domain users require a soft token when they SSH to any of the CentOS systems. Now I need to exclude some of the domain service accounts from 2FA when they SSH to Linux computers. Meaning, when those accounts SSH, the system will automatically exempt them from 2FA.

Here is the current setting:

[root@Linux]# less /etc/pam_radius_acl.conf

[root@Linux]# /etc/pam.d/sshd

auth required
auth requisite
auth requisite
auth substack password-auth
auth include postlogin
-auth optional prepare
account required
account include password-auth
password include password-auth
session required close
session required
session required open env_params
session required
session optional force revoke
session include password-auth
session include postlogin
-session optional prepare

[root@Linux]# less /etc/ssh/sshd_config
UsePAM yes
ChallengeResponseAuthentication yes

Secondly, I want to restrict domain users to accessing the respective Linux computers within their own dept, so-called centralized sudo access. For example, a user in the admin dept can log in only to Linux computers which belong to the admin dept. She will not be able to log in to HR dept PCs using her domain credentials.

Is the configuration done on the AD server or on the client computers (CentOS) to achieve the goal? My CentOS version is 7.4.

Thanks much.


All times are GMT -5.