[CentOS] sshd Match Group directive problem

Tue Feb 28 16:02:18 UTC 2017
Bernard Fay <bernard.fay at gmail.com>

A detail I forgot...

The need is to have members of the groups wheel and users dropped to
a shell to administer the server, while members of only the group users
have a script started that forces them to a few commands on the server.



On Tue, Feb 28, 2017 at 10:50 AM, Bernard Fay <bernard.fay at gmail.com> wrote:

> I try to set up two "Match Group" directives in sshd_config.
>
> I have an LDAP server.  All users including admins are part of the LDAP
> group users. The admin users are also part of the LDAP group wheel. For
> example:
>
> [~]groups admin1
> admin1 : users wheel
> [~]groups users
> user1 : users
>
> On a client server to LDAP, I try to configure two "Match Group"
> directives in sshd_config as follows:
>
> Match Group wheel
>     some keywords...
>
> Match Group users
>     some keywords...
>
>
> The problem is that even if a user is a member of LDAP group wheel, the
> "Match Group wheel" directive is skipped in favor of the "Match Group
> users" directive.
>
> Is it possible to have two "Match Group" directives as I like to do it?
> If yes, what is wrong in my configuration?
>
> Thanks,
>
>
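
Added example, not part of the original thread: a small Python model of how sshd resolves keywords when a user satisfies several `Match Group` blocks (per sshd_config(5), Match keywords override the global section and only the first instance of a keyword across satisfied blocks applies). The keywords inside the blocks and the script path `/usr/local/bin/menu.sh` are assumptions standing in for the elided "some keywords..."; the model covers only `Match Group` and treats patterns with `fnmatch`, which is a simplification.

```python
from fnmatch import fnmatchcase

# Constructed sample configs; keyword choices and the script path are hypothetical.
AS_POSTED = """
Match Group wheel
    X11Forwarding yes
Match Group users
    ForceCommand /usr/local/bin/menu.sh
"""
# Same config, but the second block excludes wheel members with a negated pattern.
FIXED = AS_POSTED.replace("Match Group users", "Match Group users,!wheel")

def group_list_matches(pattern_list, user_groups):
    """Group pattern list: any negated hit on one of the user's groups wins."""
    found = False
    for group in user_groups:
        for pat in pattern_list.split(","):
            negated = pat.startswith("!")
            if fnmatchcase(group, pat[1:] if negated else pat):
                if negated:
                    return False
                found = True
    return found

def effective_settings(config_text, user_groups):
    """Match blocks override globals; first instance of a keyword is kept."""
    global_kw, match_kw = {}, {}
    active = global_kw  # dict receiving keywords of the section being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        keyword, value = keyword.lower(), value.strip()
        if keyword == "match":
            crit, _, patterns = value.partition(" ")
            hit = crit.lower() == "group" and group_list_matches(
                patterns.strip(), user_groups)
            active = match_kw if hit else None  # None: skip unmatched block
        elif active is not None:
            active.setdefault(keyword, value)
    return {**global_kw, **match_kw}

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("fixed", FIXED)):
        for groups in (["users", "wheel"], ["users"]):
            print(name, groups, effective_settings(cfg, groups))
```

With the layout as posted, a wheel member satisfies both blocks, so any keyword set only in the `users` block still applies to admins. On a real host, sshd's extended test mode (`sshd -T` with `-C` connection parameters) prints the settings sshd itself resolves for a given user.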