Pam.d and make difference between AD User and local user on Linux


# 1  

Hello,

I configured RHEL Linux 6 with an AD directory to authorize Windows users to connect to the system, and it works.

I have accounts with high privileges (oracle for example); if an account with that name is created on the AD server, I would like to block it.

I looked for how to do this. For the moment, all the examples use a group on the AD server, but I would like to manage this from the Linux server. Do you have an idea?

Regards,

Vincenzo
# 2  
How are you connected to Active Directory? Are you using sssd auth? If so, you can use a value in /etc/sssd/sssd.conf:
Code:
# takes effect only with access_provider = simple in the same [domain/...] section
simple_allow_groups = onlythisone, orthisgroup

If you are using nscd/nslcd which use a more traditional ldap method, there's an option somewhere for your ldap search string. You can write a query that matches just the groups or users you want to allow.

Last edited by bgstack15; 10-05-2018 at 09:20 AM.. Reason: fix tags
# 3  
Hi,

Thanks bgstack15 for your answer.
I use sssd. Does the allow_simple_group use groups from the AD or local groups?

Vincent
# 4  
Finally I found the solution.

Modify both files, /etc/pam.d/system-auth-ac as well as /etc/pam.d/password-auth-ac.

Add this line for the user test:

auth requisite pam_succeed_if.so user != test

Put the line as shown below:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth requisite pam_succeed_if.so user != test <-- The entry should be added here.

Vincenzo
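
Why the position of that line matters, as an added example that is not part of the original thread: a simplified Python model of how the auth stack's control flags are evaluated. The pam_sss.so and pam_deny.so lines, the uids and the names `authenticate`, `STACK` and `MOVED` are assumptions made for illustration.

```python
# Simplified model of the PAM "auth" stack from post #4 (added example).
# Assumption: pam_sss.so and pam_deny.so follow the lines shown in the post.
STACK = [
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite",  "uid_ge_500"),    # pam_succeed_if.so uid >= 500 quiet
    ("requisite",  "user_ne_test"),  # pam_succeed_if.so user != test
    ("sufficient", "pam_sss"),       # assumed
    ("required",   "pam_deny"),      # assumed
]
# Same rules, but with the user check moved above pam_unix.
MOVED = [STACK[0], STACK[3], STACK[1], STACK[2], STACK[4], STACK[5]]

def authenticate(user, uid, local_ok, ad_ok, stack=STACK):
    """Return True if the stack grants authentication.

    local_ok / ad_ok say whether pam_unix / pam_sss accept the credentials.
    """
    results = {
        "pam_env": True,
        "pam_unix": local_ok,
        "uid_ge_500": uid >= 500,
        "user_ne_test": user != "test",
        "pam_sss": ad_ok,
        "pam_deny": False,
    }
    failed = False
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return True      # success ends the stack; later lines never run
        elif control == "requisite":
            if not ok:
                return False     # failure ends the stack immediately
        elif control == "required":
            if not ok:
                failed = True    # failure is remembered, evaluation continues
    return not failed

if __name__ == "__main__":
    print("local test:", authenticate("test", 501, True, False))
    print("AD test:   ", authenticate("test", 10001, False, True))
    print("AD alice:  ", authenticate("alice", 10002, False, True))
    print("local test, rule above pam_unix:",
          authenticate("test", 501, True, False, MOVED))
```

The local account passes because pam_unix is `sufficient` and ends the stack before the user check runs; only a login that falls through to the AD path reaches the `user != test` rule.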