
Re: Allow particular LDAP group users login



Paul,

Thanks for your reply. Finally it works for me:) 


2017-01-08 12:00 GMT+08:00 Paul B. Henson <henson@acm.org>:
On Sat, Jan 07, 2017 at 11:53:27AM +0800, Frank Yu wrote:

> # grep pam_listfile.so system-auth -A2
> auth        required      pam_listfile.so \
>             onerr=fail item=group sense=allow file=/etc/login.group.allowed

Without your complete pam configuration there's really no way to tell
what's going on. For example, what if you have a module configured as
sufficient listed above this line? pam_listfile would never even be
consulted.

All I can really say is that I use pam_listfile as so:

auth       requisite    pam_listfile.so item=group sense=allow file=/etc/security/authorized_groups.conf onerr=fail

and it works fine for me, with groups pulled out of LDAP, the way I have it
integrated into the rest of my pam configuration. That, and you'd
probably be better off taking this inquiry to the pam mailing list as
your issue is most likely with pam configuration, not ldap, assuming a
"getent group <groupname>" returns the group from ldap you're working
with.




--
Regards
Frank Yu
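
The ordering problem raised in the reply above (a "sufficient" module listed before pam_listfile ends the auth stack early), as an added example that is not part of the original thread: a small checker that reads one PAM file and reports when the group check can be skipped or fails open. Both sample stacks are constructed, the function names are hypothetical, and the checker assumes a single file: include/substack lines are not followed and bracketed controls are not interpreted.

```python
import re

# Constructed sample stack (not from the thread): pam_unix is "sufficient"
# and sits above pam_listfile, so a correct password ends the auth stack early.
SAMPLE_BAD = """\
auth  required    pam_env.so
auth  sufficient  pam_unix.so nullok try_first_pass
auth  required    pam_listfile.so \\
      onerr=fail item=group sense=allow file=/etc/login.group.allowed
auth  required    pam_deny.so
"""

# Constructed: same modules with the group check moved up as "requisite".
SAMPLE_GOOD = """\
auth  required    pam_env.so
auth  requisite   pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
auth  sufficient  pam_unix.so nullok try_first_pass
auth  required    pam_deny.so
"""

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_rules(text):
    """Return (type, control, module, args) tuples; joins backslash continuations."""
    joined = re.sub(r"\\\n\s*", " ", text)
    rules = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
    return rules

def audit_listfile(text):
    """Flag auth-stack conditions where pam_listfile is skipped or fails open."""
    findings, earlier_sufficient = [], []
    for rtype, control, module, args in parse_rules(text):
        if rtype != "auth":
            continue
        if module == "pam_listfile.so":
            for mod in earlier_sufficient:
                findings.append(f"{mod} is sufficient above pam_listfile.so")
            if control not in ("required", "requisite"):
                findings.append(f"pam_listfile.so control is {control}")
            if "onerr=fail" not in args:
                findings.append("pam_listfile.so lacks onerr=fail")
        elif control == "sufficient":
            earlier_sufficient.append(module)
    return findings
```

Run audit_listfile() on the contents of the file that actually serves the login service; an empty list means none of the three conditions was found in that file.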