HI i have compiled the pam_access modules successfuly and copied access.conf to /etc/security folder.
i included other account required pam_access.so and added -:ben b...@infra.com:ALL but still user ben can able to access the machine anyone achieved this? On Tue, Mar 24, 2015 at 9:19 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > Ben .T.George wrote: > > please anyone share bit more information on this like real example > > As we've said many times before, we have very little real experience on > Solaris. We do the best we can and sometimes that is going to be in the > form of bread crumbs that may be usable to finding your way to a solution. > > Access control via PAM is a very-well understood problem on Solaris. > Once you have users and groups via nss then IPA is largely out of the > equation. The OS vendor or Solaris-specific groups will know how to do > this far better than us. > > If you find a detailed answer I'd be happy to add it to the freeIPA wiki. > > rob > > > > > On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Dmitri Pal wrote: > > > On 03/24/2015 01:15 PM, Ben .T.George wrote: > > >> Hi > > >> > > >> current stage is AD users can able to login to solaris box. But i > > >> don't up to what level i can control the user. > > >> > > >> i don't think to there is much pan modules in solaris. still i > cannot > > >> able to make home directory with pam. > > > > > > I think pam_groupdn (if available on Solaris) might help but I > could not > > > find a clear example to share with you here. > > > > I'd suggest looking at pam_access. > > > > rob > > > > > > > >> > > >> > > >> > > >> On Tue, Mar 24, 2015 at 4:42 PM, Dmitri Pal <d...@redhat.com > <mailto:d...@redhat.com> > > >> <mailto:d...@redhat.com <mailto:d...@redhat.com>>> wrote: > > >> > > >> On 03/24/2015 07:20 AM, Ben .T.George wrote: > > >>> HI > > >>> > > >>> i am using IPA 3.3 and my client is solaris 10. > > >>> > > >>> how can i give only some set of users to this client without > > >>> creating user group in ad? > > >>> > > >>> thanks & Regards, > > >>> Ben > > >>> > > >>> > > >> > > >> You can create a group in IPA and make Solaris check that > > group at > > >> the access phase of PAM if Solaris is capable of checking > groups > > >> this way. > > >> > > >> -- > > >> Thank you, > > >> Dmitri Pal > > >> > > >> Sr. Engineering Manager IdM portfolio > > >> Red Hat, Inc. > > >> > > >> > > >> -- > > >> Manage your subscription for the Freeipa-users mailing list: > > >> https://www.redhat.com/mailman/listinfo/freeipa-users > > >> Go to http://freeipa.org for more info on the project > > >> > > >> > > > > > > > > > -- > > > Thank you, > > > Dmitri Pal > > > > > > Sr. Engineering Manager IdM portfolio > > > Red Hat, Inc. > > > > > > > > > > > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project