I try to set up two "Match Group" directives in sshd_config.
I have an LDAP server. All users including admins are part of the LDAP group users. The admin users are also part of the LDAP group wheel. For example:
[~]groups admin1
admin1 : users wheel
[~]groups users
user1 : users
On a client server to LDAP, I try to configure two "Match Group" directives in sshd_config as follows:
Match Group wheel
    some keywords...
Match Group users
    some keywords...
The problem is that even if a user is a member of LDAP group wheel, the "Match Group wheel" directive is skipped in favor of the "Match Group users" directive.
Is it possible to have two "Match Group" directives as I like to do it? If yes, what is wrong in my configuration?
Thanks,
A detail I forgot...
The need is to have members of the groups wheel and users being dropped to a shell and administer the server while members of only the group users have a script started forcing them to a few commands on the server.
On Tue, Feb 28, 2017 at 10:50 AM, Bernard Fay bernard.fay@gmail.com wrote:
> I try to set up two "Match Group" directives in sshd_config.
> I have an LDAP server. All users including admins are part of the LDAP group users. The admin users are also part of the LDAP group wheel. For example:
> [~]groups admin1
> admin1 : users wheel
> [~]groups users
> user1 : users
> On a client server to LDAP, I try to configure two "Match Group" directives in sshd_config as follows:
> Match Group wheel
>     some keywords...
> Match Group users
>     some keywords...
> The problem is that even if a user is a member of LDAP group wheel, the "Match Group wheel" directive is skipped in favor of the "Match Group users" directive.
> Is it possible to have two "Match Group" directives as I like to do it? If yes, what is wrong in my configuration?
> Thanks,
On 28.02.2017 at 17:02, Bernard Fay bernard.fay@gmail.com wrote:
> A detail I forgot...
> The need is to have members of the groups wheel and users being dropped to a shell and administer the server while members of only the group users have a script started forcing them to a few commands on the server.
man sshd_config: The match patterns may consist of single entries or comma-separated lists ...
Match Group wheel,users
-- LF
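An added example, not part of the thread and not OpenSSH code: a simplified Python model of the Match evaluation that sshd_config(5) describes, where every satisfied Match block applies and, when a keyword appears in several satisfied blocks, only the first instance is used. The keywords ForceCommand and X11Forwarding, the script path and the function names are assumptions standing in for "some keywords..."; it compares the two blocks as posted with a users block that excludes wheel through a negated pattern.

```python
from fnmatch import fnmatchcase

def group_list_matches(user_groups, pattern_list):
    """Simplified Match Group test: a negated pattern that hits any of the
    user's groups vetoes the match; otherwise one positive hit is enough."""
    found = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        hit = any(fnmatchcase(g, pat.lstrip("!")) for g in user_groups)
        if hit and negated:
            return False
        found = found or (hit and not negated)
    return found

def effective(match_blocks, user_groups):
    """Walk Match blocks in file order; every satisfied block applies, but a
    keyword already set by an earlier satisfied block is not overridden."""
    result = {}
    for pattern_list, keywords in match_blocks:
        if group_list_matches(user_groups, pattern_list):
            for key, value in keywords.items():
                result.setdefault(key, value)
    return result

# Constructed data: memberships follow the thread, keywords are assumptions.
ADMIN1, USER1 = ["users", "wheel"], ["users"]
RESTRICTED = {"ForceCommand": "/usr/local/bin/menu.sh",  # hypothetical script path
              "X11Forwarding": "no"}
AS_POSTED = [("wheel", {"X11Forwarding": "yes"}), ("users", RESTRICTED)]
NEGATED = [("wheel", {"X11Forwarding": "yes"}), ("users,!wheel", RESTRICTED)]

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("users,!wheel", NEGATED)):
        for user, groups in (("admin1", ADMIN1), ("user1", USER1)):
            print(f"{name:13} {user}: {effective(cfg, groups)}")
```

In this model a wheel member under the as-posted layout still receives ForceCommand from the users block, because the wheel block never set that keyword; a comma-separated list such as `wheel,users` matches members of either group.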