search for: pam_groupdn

...PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've been trying to get LDAP ssh authentication to work for a while, and I found a bug (http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/116150) in pam_unix.so, that breaks support for ldap-group/host-restrictions the ldap-way. I saw numerous emails about pam_groupdn-ldap-restrictions on the mailinglists dating back to 2001, but no resolution for how to get it playing, so this is a working fix, until pam_unix.so and pam_ldap.so plays well together: The recommended setup, UNIX and LDAP logins work, but groupdn/check_host_attr restrictions dosn't: accoun...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is for the same file server I wrote about earlier. I would like to restrict access by group, as defined in LDAP. The obvious solution is to add a filter to the login LDAP search that restricts to gidNumber=10038 or 10001, since those are the groups I need. From what I'm seeing, I need to add that to /etc/ldap.conf in the nss_base_

...the first line, then logins using their AD password fail. We also have a non-AD ldap authentication server, and have found that these line works fine for ldap (no pam_permit): account sufficient pam_ldap.so auth sufficient pam_ldap.so try_first_pass We would like to implement a pam_groupdn within ldap, and so that would require using account on both: account sufficient pam_winbind.so account sufficient pam_ldap.so However we can't use the above with pam_winbind failing. ssh uses /etc/pam.d/system-auth in Redhat, and Redhat has this account related clump: account...

...e 'host' attribute for access control # Default is no; if set to yes, and user has no # value for the host attribute, and pam_ldap is # configured for account management (authorization) # then the user will not be allowed to login. #pam_check_host_attr yes # Group to enforce membership of #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com # Group member attribute #pam_member_attribute uniquemember # Specify a minium or maximum UID number allowed #pam_min_uid 0 #pam_max_uid 0 # Template login attribute, default template user # (can be overriden by value of former attribute # in user's entry) #pa...

Hi folks -- Does anyone out there have experienced replacing NIS, using puppet? If so, can you kindly share to me some advise, gotchas, and whatnot, etc... Thanks in advance for your help .... -Conrad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe

...te for access # control # Default is no; if set to yes, and the user has no # value for the authorizedService attribute, and # pam_ldap is configured for account management # (authorization) then the user will not be allowed # to login. #pam_check_service_attr yes # Group to enforce membership of #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com # Group member attribute #pam_member_attribute uniquemember # Specify a minium or maximum UID number allowed #pam_min_uid 0 #pam_max_uid 0 # Template login attribute, default template user # (can be overriden by value of former attribute # in user's entry) #pa...

...te for access # control # Default is no; if set to yes, and the user has no # value for the authorizedService attribute, and # pam_ldap is configured for account management # (authorization) then the user will not be allowed # to login. #pam_check_service_attr yes # Group to enforce membership of #pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com # Group member attribute #pam_member_attribute uniquemember # Specify a minium or maximum UID number allowed #pam_min_uid 0 #pam_max_uid 0 # Template login attribute, default template user # (can be overriden by value of former attribute # in user's entry)...

...te for access # control # Default is no; if set to yes, and the user has no # value for the authorizedService attribute, and # pam_ldap is configured for account management # (authorization) then the user will not be allowed # to login. #pam_check_service_attr yes # Group to enforce membership of #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com # Group member attribute #pam_member_attribute uniquemember # Specify a minium or maximum UID number allowed #pam_min_uid 0 #pam_max_uid 0 # Template login attribute, default template user # (can be overriden by value of former attribute # in user's entry) #pa...

...te for access # control # Default is no; if set to yes, and the user has no # value for the authorizedService attribute, and # pam_ldap is configured for account management # (authorization) then the user will not be allowed # to login. #pam_check_service_attr yes # Group to enforce membership of #pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com # Group member attribute #pam_member_attribute uniquemember # Specify a minium or maximum UID number allowed #pam_min_uid 0 #pam_max_uid 0 # Template login attribute, default template user # (can be overriden by value of former attribute # in user's entry)...