This is how I've done it:Edit /etc/pam.d/sshd and uncommentaccount required pam_access.soEdit /etc/security/access.conf and add this line at the bottom:-:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALLThe group can be an LDAP group. Users will still authenticate but they will be immediately disconnected if they are not in the required group. The group needs to be a Posix group (i.e. not groupOfNames or groupOfUniqueNames).Hope that helps.Philip
On 2 May 2013 09:46, Geo P.C. <pcgeopc@gmail.com> wrote:
By installing libnss-ldap we are able to integrate an Ubuntu server with ldap (openldap). But we are unable to configure ldap group based authentication.
We need to configure in such a way that user from a particular group need only to login.
Please let me know is it possible configure it and please update us the steps or any url.
Thanks
Geo