I have my Red Hat 5.4 Linux server fully integrated into my company's AD. The
biggest issue I have is that I am using a rid backend, which means that anyone
with an AD account can log into the server. So my question is, how can I
restrict server login via AD groups? I have tried using pam with pam_listfile,
but for some reason it does not work; I keep getting errors about sshd refusing
the user. I can use this config for su restrictions but not logins.

I keep getting the following error in /var/log/secure:

    pam_listfile(sshd:auth): Refused user DOMAIN+user for service sshd

Does anyone have a working config I could model mine against?

Thanks

/etc/security/loginauthgrp

    wheel
    root
    DOMAIN+operations

/etc/pam.d/system-auth (Very first line)

    auth required pam_listfile.so item=group sense=allow file=/etc/security/loginauthgrp.allow onerr=fail
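
A diagnostic for the setup described in the post above (an added example, not part of the original message): it pulls the file= path out of the pam_listfile line and checks whether any of a user's groups appears as an exact line in that file. The function names are hypothetical, and exact whole-line matching is this script's own assumption about how the list should be written.

```shell
#!/bin/sh
# Added example: checks for a pam_listfile group allow-list.
# Function names are hypothetical; the PAM path comes from the post above.

# Print the file= argument of a pam_listfile line (empty if none).
listfile_path() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n 's/^file=//p' | head -n 1
}

# Print one group name per line for a user. Numeric GIDs are resolved through
# getent so that AD group names containing spaces stay intact.
user_groups() {
    for gid in $(id -G "$1"); do
        getent group "$gid" | cut -d: -f1
    done
}

# Succeed if any group (one per line in $2) is an exact line in file $1.
# The list file holds one item per line; this check requires a whole-line
# match, so trailing blanks or a different winbind separator will not match.
group_allowed() {
    [ -r "$1" ] || return 2      # list file missing or unreadable
    [ -n "$2" ] || return 1      # user has no resolvable groups
    printf '%s\n' "$2" | grep -qxF -f "$1"
}

# Usage: sh check_listfile.sh USER   (run on the server itself)
if [ "$#" -ge 1 ]; then
    line=$(grep -m1 'pam_listfile\.so' /etc/pam.d/system-auth)
    file=$(listfile_path "$line")
    echo "allow-list file: ${file:-<none>}"
    if group_allowed "$file" "$(user_groups "$1")"; then
        echo "$1: a listed group matches"
    else
        echo "$1: no listed group matches (or the file is unreadable)"
    fi
fi
```

Comparing the output of `user_groups` with the contents of the list file shows the group names exactly as the system resolves them, including the winbind separator.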