On Thu, 2013-08-15 at 12:06 -0400, Sophit4 wrote: > SSH Server is running on a RHEL 6.4 system with version > sssd-1.9.2-82.7.el6_4.x86_64. > > I'm using access_provider = ldap in sssd.conf and ldap_access_filter = > memberOf=cn=GoodUsers,ou=x,ou=y,o=z > > > This is working as intended but remote ssh users not in group > GoodUsers are simply disconnected with no error message after > successfully authenticating via authorized_keys or LDAP password. > > > Is there a way to better inform the end user the general reason for > the disconnect?
I do not think SSH will allow you to do that. The author sees dropping any further communication as soon as the user is denied as a security feature I believe. They do the same on password changes. Simo. > > Current behavior: > > > [usr1@test-client Desktop]$ ssh test-server > Connection closed by 192.168.1.22 > > [root@test-server ~]# tail -1 /var/log/secure > > Aug 15 11:40:20 test-server sshd[5562]: fatal: Access denied for user > usr1 by PAM account configuration > > > > Thanks in advance. > > _______________________________________________ > sssd-devel mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
