Allow only root and domain group to login on Linux serverNon-Domain IIS server authenticate on domain?Command line to list users in a Windows Active Directory group?windows server 2008 AD domain login failsInclude AD domain admins group in Linux sudoers?PBIS Open AD authentication stops working on ubuntu with errors: “user accout has expired” and “is your account locked?”Access denied trying to login to Ubuntu 14.04 (Authentication with Active Directory)Allow access to only certian AD Group users to IIS sitePowerBroker Open group listings and enumerationPowerBroker (PBIS) Restricted login list - couldn't resolve srvDomainUsers [40071]ERROR: 500048: Inappropriate authentication when running adtool to retrieve a user's attributes
Simple fuzz pedal using breadboard
When and what was the first 3D acceleration device ever released?
How to Pin Point Large File eating space in Fedora 18
Employer demanding to see degree after poor code review
Find limit in use of integrals
the meaning of 'carry' in a novel
How strong are Wi-Fi signals?
Using credit/debit card details vs swiping a card in a payment (credit card) terminal
Website returning plaintext password
How to use " shadow " in pstricks?
Is neural networks training done one-by-one?
How to use Palladio font in text body but Computer Modern for Equations?
Is there some hidden joke behind the "it's never lupus" running gag in House?
What are the real benefits of using Salesforce DX?
Should one buy new hardware after a system compromise?
Count Even Digits In Number
Would jet fuel for an F-16 or F-35 be producible during WW2?
Where have Brexit voters gone?
Boss wants me to falsify a report. How should I document this unethical demand?
Is it true that cut time means "play twice as fast as written"?
What to do when you've set the wrong ISO for your film?
Computing the matrix powers of a non-diagonalizable matrix
Is the field of q-series 'dead'?
Pirate democracy at its finest
Allow only root and domain group to login on Linux server
Non-Domain IIS server authenticate on domain?Command line to list users in a Windows Active Directory group?windows server 2008 AD domain login failsInclude AD domain admins group in Linux sudoers?PBIS Open AD authentication stops working on ubuntu with errors: “user accout has expired” and “is your account locked?”Access denied trying to login to Ubuntu 14.04 (Authentication with Active Directory)Allow access to only certian AD Group users to IIS sitePowerBroker Open group listings and enumerationPowerBroker (PBIS) Restricted login list - couldn't resolve srvDomainUsers [40071]ERROR: 500048: Inappropriate authentication when running adtool to retrieve a user's attributes
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I have successfully installed PBIS-open to authenticate against active directory. I also used the /opt/pbis/bin/config RequireMembershipOf
command to allow a certain domain group to login.
I would now like to allow root, and the group(s) specified with the /opt/pbis/bin/config RequireMembershipOf
command, and deny all other local users to login. Is there any way to do this?
active-directory authentication
|
show 8 more comments
I have successfully installed PBIS-open to authenticate against active directory. I also used the /opt/pbis/bin/config RequireMembershipOf
command to allow a certain domain group to login.
I would now like to allow root, and the group(s) specified with the /opt/pbis/bin/config RequireMembershipOf
command, and deny all other local users to login. Is there any way to do this?
active-directory authentication
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34
|
show 8 more comments
I have successfully installed PBIS-open to authenticate against active directory. I also used the /opt/pbis/bin/config RequireMembershipOf
command to allow a certain domain group to login.
I would now like to allow root, and the group(s) specified with the /opt/pbis/bin/config RequireMembershipOf
command, and deny all other local users to login. Is there any way to do this?
active-directory authentication
I have successfully installed PBIS-open to authenticate against active directory. I also used the /opt/pbis/bin/config RequireMembershipOf
command to allow a certain domain group to login.
I would now like to allow root, and the group(s) specified with the /opt/pbis/bin/config RequireMembershipOf
command, and deny all other local users to login. Is there any way to do this?
active-directory authentication
active-directory authentication
asked Aug 17 '15 at 7:21
mpmv2015mpmv2015
116
116
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34
|
show 8 more comments
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34
|
show 8 more comments
1 Answer
1
active
oldest
votes
If you would like to use pam_access
in redhat and centos and so on, first you need to include the module in your pam configura as follow.
authconfig --update --enablepamaccess
Now you can configure which users that can use your server.
/etc/security/access.conf:
my example rules
+ : DOMAINadmins : ALL
+ : root : ALL
- : ALL : ALL
If you use DOMAIN
sintax in front of the users and groups, that would say you are using winbind, for AD join, I'm using pam_ldap with sfu in the windows side, for this reason in my comments I don't use the domain.
Now you have configured Pam for the users access control, but Now you need to be sure that sshd is using pam,
grep "UsePAM" /etc/ssh/sshd_config
UsePAM yes
If the UsePAM
isn't yes, you need to change this to yes and restart sshd service
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f714619%2fallow-only-root-and-domain-group-to-login-on-linux-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you would like to use pam_access
in redhat and centos and so on, first you need to include the module in your pam configura as follow.
authconfig --update --enablepamaccess
Now you can configure which users that can use your server.
/etc/security/access.conf:
my example rules
+ : DOMAINadmins : ALL
+ : root : ALL
- : ALL : ALL
If you use DOMAIN
sintax in front of the users and groups, that would say you are using winbind, for AD join, I'm using pam_ldap with sfu in the windows side, for this reason in my comments I don't use the domain.
Now you have configured Pam for the users access control, but Now you need to be sure that sshd is using pam,
grep "UsePAM" /etc/ssh/sshd_config
UsePAM yes
If the UsePAM
isn't yes, you need to change this to yes and restart sshd service
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
add a comment |
If you would like to use pam_access
in redhat and centos and so on, first you need to include the module in your pam configura as follow.
authconfig --update --enablepamaccess
Now you can configure which users that can use your server.
/etc/security/access.conf:
my example rules
+ : DOMAINadmins : ALL
+ : root : ALL
- : ALL : ALL
If you use DOMAIN
sintax in front of the users and groups, that would say you are using winbind, for AD join, I'm using pam_ldap with sfu in the windows side, for this reason in my comments I don't use the domain.
Now you have configured Pam for the users access control, but Now you need to be sure that sshd is using pam,
grep "UsePAM" /etc/ssh/sshd_config
UsePAM yes
If the UsePAM
isn't yes, you need to change this to yes and restart sshd service
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
add a comment |
If you would like to use pam_access
in redhat and centos and so on, first you need to include the module in your pam configura as follow.
authconfig --update --enablepamaccess
Now you can configure which users that can use your server.
/etc/security/access.conf:
my example rules
+ : DOMAINadmins : ALL
+ : root : ALL
- : ALL : ALL
If you use DOMAIN
sintax in front of the users and groups, that would say you are using winbind, for AD join, I'm using pam_ldap with sfu in the windows side, for this reason in my comments I don't use the domain.
Now you have configured Pam for the users access control, but Now you need to be sure that sshd is using pam,
grep "UsePAM" /etc/ssh/sshd_config
UsePAM yes
If the UsePAM
isn't yes, you need to change this to yes and restart sshd service
If you would like to use pam_access
in redhat and centos and so on, first you need to include the module in your pam configura as follow.
authconfig --update --enablepamaccess
Now you can configure which users that can use your server.
/etc/security/access.conf:
my example rules
+ : DOMAINadmins : ALL
+ : root : ALL
- : ALL : ALL
If you use DOMAIN
sintax in front of the users and groups, that would say you are using winbind, for AD join, I'm using pam_ldap with sfu in the windows side, for this reason in my comments I don't use the domain.
Now you have configured Pam for the users access control, but Now you need to be sure that sshd is using pam,
grep "UsePAM" /etc/ssh/sshd_config
UsePAM yes
If the UsePAM
isn't yes, you need to change this to yes and restart sshd service
answered Aug 17 '15 at 11:17
c4f4t0rc4f4t0r
3,90132133
3,90132133
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
add a comment |
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
I can now only login with my root account. The domain group isn't working. I used PBIS-open to join the domain.
– mpmv2015
Aug 17 '15 at 11:26
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
sorry, but I don't see any logs of information about what you are doing, is realy hard to help you in this way, is better with start a chat, we can't continue to write comments.
– c4f4t0r
Aug 17 '15 at 11:29
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
Ok, how do we start to chat? I'm kind of new here
– mpmv2015
Aug 17 '15 at 11:33
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f714619%2fallow-only-root-and-domain-group-to-login-on-linux-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
use Allowuser in /etc/ssh/sshd_config
– c4f4t0r
Aug 17 '15 at 8:47
I also want to make sure only these users are allowed to logon directly on the server, so "Allowuser" is not an option in this case
– mpmv2015
Aug 17 '15 at 8:49
please when you talk about login, please tell how? ssh or console?
– c4f4t0r
Aug 17 '15 at 9:06
I'm sorry, I'm talking about the console
– mpmv2015
Aug 17 '15 at 9:14
For your case, you can use pam_access and configure the file /etc/security/access.conf
– c4f4t0r
Aug 17 '15 at 9:34