How are you connected to Active Directory? Are you using sssd auth? If so, you can use a value in /etc/sssd/sssd.conf:
Code:
allow_simple_groups = onlythisone, orthisgroup/
If you are using nscd/nslcd which use a more traditional ldap method, there's an option somewhere for your ldap search string. You can write a query that matches just the groups or users you want to allow.
Last edited by bgstack15; 10-05-2018 at 10:20 AM..
Reason: fix tags
how can i find my own ip address from unix. command like who -x .this would provide all the ip address but i need to list only current user ip address. who am i command does not display the ip. (1 Reply)
how can i find my own ip address from unix. command like who -x .this would provide all the ip address but i need to list only current user ip address. who am i command does not display the ip. (9 Replies)
Hi,
I'm brand new here and looking for a solution:
I'm using mail or mailx. The default reply address is «myshortusername@mylongusername.local» which makes absolutely no sense for anybody receiving my emails.
But how do I change it? There seem to be many solutions but none for Mac OS X.... (0 Replies)
Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent.
The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Hi Gurus,
I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password.
It seems that i need to use expect module here, but i don't know how to create the object for this.
... (1 Reply)
Here is the log im pasting for verbose ssh:
-bash-2.05b$ ssh -v qa_fnp@10.41.11.23
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will... (5 Replies)
Hi
We have these specific requirements for a bunch of servers we have and cannot seem to get pam to behave in this way. We would like:
PAM locks accounts if pam tally reaches 10.
PAM unlocks the account after 30mins from locking it, and resets the pam_tally.
The key is that we don't... (0 Replies)
Hi,
I need to switch from local user to root user in a shell script.
I need to make it automated so that it doesn't prompt for the root password.
I heard the su command will do that work but it prompt for the password.
and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies
LEARN ABOUT CENTOS
sss_cache
SSS_CACHE(8) SSSD Manual pages SSS_CACHE(8)NAME
sss_cache - perform cache cleanup
SYNOPSIS
sss_cache [options]
DESCRIPTION
sss_cache invalidates records in SSSD cache. Invalidated records are forced to be reloaded from server as soon as related SSSD backend is
online.
OPTIONS -E,--everything
Invalidate all cached entries except for sudo rules.
-u,--user login
Invalidate specific user.
-U,--users
Invalidate all user records. This option overrides invalidation of specific user if it was also set.
-g,--group group
Invalidate specific group.
-G,--groups
Invalidate all group records. This option overrides invalidation of specific group if it was also set.
-n,--netgroup netgroup
Invalidate specific netgroup.
-N,--netgroups
Invalidate all netgroup records. This option overrides invalidation of specific netgroup if it was also set.
-s,--service service
Invalidate specific service.
-S,--services
Invalidate all service records. This option overrides invalidation of specific service if it was also set.
-a,--autofs-map autofs-map
Invalidate specific autofs maps.
-A,--autofs-maps
Invalidate all autofs maps. This option overrides invalidation of specific map if it was also set.
-d,--domain domain
Restrict invalidation process only to a particular domain.
-?,--help
Display help message and exit.
SEE ALSO sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8),
sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD 06/17/2014 SSS_CACHE(8)