Hi,
we use an openldap server / samba as domain controller for our windows/linux workstations. on a specific server, login should only be allowed, if the certain user is member of a group (let's call this group "login"). All the users in the domain are members of the group "Domain Users". Therefore their primary gid is not the login-group's gid. How can I make the login depending on that login-group-membership?
Thanks!
Toby
Am Freitag, den 05.02.2010, 11:38 +0100 schrieb Nobody ist perfect:
Hi,
we use an openldap server / samba as domain controller for our windows/linux workstations. on a specific server, login should only be allowed, if the certain user is member of a group (let's call this group "login"). All the users in the domain are members of the group "Domain Users". Therefore their primary gid is not the login-group's gid. How can I make the login depending on that login-group-membership?
Thanks!
Toby
If you use winbind you can use require_membership_of= in/etc/security/pam_winbind.conf.
Chris
financial.com AG
Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553
Hi Chris, Thanks, you mind, replace ldap auth with winbind auth ?
my scene: on one side 1 smb server pdc with ldap, on the another side, 1 Xorg-Server with auth over ldap , the same from the first one (smb). i need to permit only users "membership_of" "Domain Users" to login on the Xorg-Server Thanks
Am 05.02.2010 12:45, schrieb Christoph Maser:
Am Freitag, den 05.02.2010, 11:38 +0100 schrieb Nobody ist perfect:
Hi,
we use an openldap server / samba as domain controller for our windows/linux workstations. on a specific server, login should only be allowed, if the certain user is member of a group (let's call this group "login"). All the users in the domain are members of the group "Domain Users". Therefore their primary gid is not the login-group's gid. How can I make the login depending on that login-group-membership?
Thanks!
Toby
If you use winbind you can use require_membership_of= in/etc/security/pam_winbind.conf.
Chris
financial.com AG
Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553 _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Am Mittwoch, den 10.02.2010, 20:27 +0100 schrieb News Listener:
Hi Chris, Thanks, you mind, replace ldap auth with winbind auth ?
my scene: on one side 1 smb server pdc with ldap, on the another side, 1 Xorg-Server with auth over ldap , the same from the first one (smb). i need to permit only users "membership_of" "Domain Users" to login on the Xorg-Server Thanks
In that case look for pam_groupdn in ldap.conf
Chris
financial.com AG
Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553
-
Christoph Maser -
News Listener -
Nobody ist perfect