From: John P Arends jare...@northwestern.edu
Date: Thu, 24 Jan 2013 21:45:13 +
The problem is, I can log on as any AD user.
require_membership_of is being ignored. I can put in a valid group with
no spaces in the name, a group by SID, and either way, everyone can log
in.
As far as I
I want to make sure if someone also gets local console access somehow they
still can't get in. That's my concern with just making changes to how sshd
authenticates.
(I know nearly nothing about PAM.)
On Jan 24, 2013, at 4:21 PM, Philipoff, Andrew aphilip...@medicine.ucsf.edu
wrote:
John,
John,
When you say that you can log on as any AD user, do you mean using SSH? On our
systems I use pam_succeed_if.so user ingroup in our /etc/pam.d/sshd files,
see below:
auth include system-auth
accountrequired pam_nologin.so
#accountinclude system-auth
account
On Thu, Jan 24, 2013 at 5:24 PM, John P Arends jare...@northwestern.edu wrote:
I want to make sure if someone also gets local console access somehow they
still can't get in. That's my concern with just making changes to how sshd
authenticates.
One way I've dealt with this, and a pretty
I'm running into the same issue that Mike posted about.
I've got authentication working as well as the auto creation of home
directories. The problem is anybody that has a valid domain account can
come in regardless of group.
I'm running SuSE
The require_membership_of parameter supposed to be