This is how I've done it: Edit /etc/pam.d/sshd and uncomment
account required pam_access.so Edit /etc/security/access.conf and add this line at the bottom: -:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALL The group can be an LDAP group. Users will still authenticate but they will be immediately disconnected if they are not in the required group. The group needs to be a Posix group (i.e. not groupOfNames or groupOfUniqueNames). Hope that helps. Philip On 2 May 2013 09:46, Geo P.C. <[email protected]> wrote: > By installing libnss-ldap we are able to integrate an Ubuntu server with > ldap (openldap). But we are unable to configure ldap group based > authentication. > > We need to configure in such a way that user from a particular group need > only to login. > > Please let me know is it possible configure it and please update us the > steps or any url. > > Thanks > > Geo >
