All, I have setup the ldapserver with PAM PassThrough and need help in figuring out the access.conf without use of netgroups. Can I simply use the groups with access.conf?
I am only able to ssh as root, but not with any ldap account. I was able to ssh before making changes for the pam_access. Here are the files I edited. /etc/ldap.conf pam_member_attribute uniquemember (since 389-ds uses uniquemember for group membership) uri ldap://ldap.domain.com:389/ tls_checkpeer yes ssl start_tls tls_cacertdir /etc/openldap/cacerts pam_password md5 tls_cacertfile /etc/pki/tls/certs/ca-cert.crt /etc/security/access.conf + : root : ALL + : @groupname : ALL + : @groupname2 : ALL - : ALL : ALL authconfig --enableldap --enableldapauth --disablenis --enablecache --ldapserver=ldap.domain.com --ldapbasedn=dc=ldapdomain,dc=com --enableldaptls --disablekrb5 --krb5kdc=AD.ADdomain.com --krb5adminserver=AD.ADdomain.com --krb5realm=ADDOMAIN.COM --enablekrb5kdcdns --enablekrb5realmdns --enablepamaccess --enablemkhomedir --enablelocauthorize updateall /etc/pam.d/system-auth : account required pam_access.so accessfile=/etc/security/access.conf : Here¹s the error message I got. I see that krb5 is succeeding my password but pam_access is blocking me. pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.12.0.95 user=psundaram Nov 18 11:01:44 wgldap01 sshd[8995]: pam_krb5[8995]: authentication succeeds for 'psundaram' ([email protected]) Nov 18 11:01:45 wgldap01 sshd[8995]: pam_access(sshd:account): access denied for user `psundaram' from `10.12.0.95' Nov 18 11:01:45 wgldap01 sshd[8995]: pam_access(sshd:account): access denied for user `psundaram' from `10.12.0.95' Nov 18 11:01:45 wgldap01 sshd[8996]: fatal: Access denied for user psundaram by PAM account configuration Thanks, Prashanth
-- 389 users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
