Hi
The users are authenticating using their passwords, pam_ldap is being
called in /etc/pam.d/system-auth. Please see
cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
The OpenSSH version is the latest stable for CentOS 5.x, which
is openssh-4.3p2-72.el5_7.5
As said, LDAP authentication using 389 dir server works fine, I just want to
limit access to certain hosts per user.
Thanks
On Mon, Mar 5, 2012 at 8:03 PM, Iain Morgan iain.mor...@nasa.gov wrote:
> On Mon, Mar 05, 2012 at 08:09:04 -0600, Ali Jawad wrote:
>> Hi
>> I did install 389 and LDAP authentication, what I need to do now is allow
>> access to users only to certain systems, I did check out:
>> http://directory.fedoraproject.org/wiki/Howto:Posix#How_to_set_up_host_based_access_control
>> I tried the old method because I could not figure out the new method, I
>> did enable pam_check_host_attr, did not change any pam settings though,
>> and I have use_pam enabled in sshd_config, but the user was still able to
>> log on through SSH even though no hosts were listed in his attributes.
>> Please advise.
>> Regards
>
> Hello,
> What version of OpenSSH are you using and how did the user authenticate?
> For example, did the user use publickey authentication instead of
> password or challenge-response? Are you calling pam_ldap in the account
> portion of your PAM stack? What do you see in the LDAP server's access
> log when the user authenticates?
> --
> Iain Morgan
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
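
Added example, not part of the thread: pam_ldap evaluates pam_check_host_attr during PAM account management, so the account rules decide whether the host attribute is ever checked. The Python sketch below parses a PAM file and reports whether pam_ldap.so is reached in the account stack; the account rules in WITH_ACCOUNT and the function names are constructed for illustration and are not the poster's configuration.

```python
import re

# One PAM rule: type, control (keyword or [bracketed list]), module.
RULE = re.compile(r"^\s*-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# The auth rules posted in the thread (column spacing restored).
AUTH_ONLY = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
"""

# Constructed account rules, NOT from the thread, for comparison.
WITH_ACCOUNT = AUTH_ONLY + """\
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
"""

def parse_stack(text):
    """Return {type: [(control, module), ...]} in file order."""
    stack = {}
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop comments
        if m:
            kind, control, module = m.groups()
            stack.setdefault(kind, []).append((control, module.rsplit("/", 1)[-1]))
    return stack

def host_check_findings(text, module="pam_ldap.so"):
    """List reasons the host attribute check might never be evaluated."""
    account = parse_stack(text).get("account", [])
    names = [mod for _, mod in account]
    if module not in names:
        return [f"{module} is not called in the account stack"]
    # A 'sufficient' success returns immediately, skipping later rules.
    return [f"'sufficient' {mod} precedes {module} and can end the account stack early"
            for ctl, mod in account[:names.index(module)] if ctl == "sufficient"]

if __name__ == "__main__":
    for label, cfg in (("posted", AUTH_ONLY), ("with account", WITH_ACCOUNT)):
        print(label, host_check_findings(cfg))
```

A finding about a preceding `sufficient` module is a prompt to review that rule, not proof of a bypass: pam_localuser.so, for instance, only succeeds for accounts in the local passwd file.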