Thanks to Anthony Ciarochi at Centeris for this solution.
I have a CentOS (Red Hat-based) server that is now accessible to AD users
AND local users via ssh. I can control which AD groups can log in using the
syntax below. Red Hat-based distros use pam_stack in pam.d which is quite
different than
Just when I thought I had everything working:
[EMAIL PROTECTED] ~]$ screen -w
TLS: could not load verify locations
(file:`/etc/openldap/cacerts/attu.pem',dir:`/etc/openldap/cacerts').
TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:104
TLS: error:2006D002:BIO
On Fri, Sep 15, 2006 at 05:35:06PM -0400, Matt Herzog wrote:
Hello again.
I'm hoping there is some way I can restrict ssh login through the AD to my
Linux servers. I only have one group of users on the domain that needs ssh
access.
So far I see lots of ways to add or map or join Linux
On Fri, Sep 15, 2006 at 11:34:04AM -0300, Felipe Augusto van de Wiel wrote:
The correct option is start_tls, but it is the default
option; you don't need to set this up. And the key server is not
related to Samba; this option just tells
On Fri, Sep 15, 2006 at 11:42:12AM -0300, Felipe Augusto van de Wiel wrote:
On 09/12/2006 06:50 PM, Matt Herzog wrote:
I have the winbind login working on FC5 but now logins to local accounts
cannot authenticate.
My config files
On Fri, Sep 15, 2006 at 04:32:13PM -0300, Felipe Augusto van de Wiel wrote:
I have winbind working nicely with AD here. It took a while to
figure out but now AD user accounts can ssh into my Linux boxen
reliably, which is really all I
Hello again.
I'm hoping there is some way I can restrict ssh login through the AD to my
Linux servers. I only have one group of users on the domain that needs ssh
access.
So far I see lots of ways to add or map or join Linux to Windows groups but
I would rather be able to say:
no to all AD
I have the winbind login working on FC5 but now logins to local accounts
cannot authenticate.
My config files are here:
http://www.pigeonnier.org/nsswitch.conf
http://www.pigeonnier.org/pam.d/
http://www.pigeonnier.org/krb.conf
Again, if I try to ssh in as a user that exists only as a local
I have been struggling with getting my Fedora Linux clients to be able to
authenticate to a Microsoft AD in the past week and wonder how much of the
problem was due to SELinux. My Debian machines can accept AD logins and even
create home directories and dot files from /etc/skel. I know FC5 does