I have my Redhat 5.4 linux server fully integrated into my companies AD.? The
biggest issue I have is that I am using a rid backend which means that anyone
with an AD account can log into the server.? So my quesiton is, how can I
restrict server login via AD groups?? I have tried using pam?with pam_listfile,
but for some reason it does not work, I keep getting errors about sshd refusing
the user.? I can use this config for su restrictions but not logins.
I keep getting the following error in /var/log/secure:
pam_listfile(sshd:auth): Refused user DOMAIN+user for service sshd
Does anyone have a working config I could model mine against?
Thanks
/etc/security/loginauthgrp
wheel
root
DOMAIN+operations
/etc/pam.d/system-auth (Very first line)
auth??????????? required??????? pam_listfile.so item=group sense=allow
file=/etc/security/loginauthgrp.allow onerr=fail
