Pam.d and make difference between AD User and local user on Linux

Tags
advanced, difference, linux, make, user

# 1  
Old 10-04-2018
Pam.d and make difference between AD User and local user on Linux

Hello,

I configured RHEL Linux 6 with AD directory to authorize Windows users to connect on the system, and it works.

I have accounts with high privileges (oracle, for example); if such an account is created on the AD server I would like to block him.

I looked for how to do it; for the moment all the examples use groups on the AD server, but I would like to manage this from the Linux server. Do you have an idea?

Regards,

Vincenzo
# 2  
Old 10-05-2018
How are you connected to Active Directory? Are you using sssd auth? If so, you can use a value in /etc/sssd/sssd.conf:
Code:
# requires access_provider = simple in the same [domain/...] section of sssd.conf
simple_allow_groups = onlythisone, orthisgroup

If you are using nscd/nslcd which use a more traditional ldap method, there's an option somewhere for your ldap search string. You can write a query that matches just the groups or users you want to allow.

# 3  
Old 10-08-2018
Hi,

Thanks bgstack15 for your answer.
I use sssd. Does allow_simple_group use groups from the AD or local groups?

Vincent
# 4  
Old 10-09-2018
Finally I found the solution.

Modify both files, /etc/pam.d/system-auth-ac as well as /etc/pam.d/password-auth-ac.

Add this line for the user test:
Code:
auth requisite pam_succeed_if.so user != test

Put the line as below:
Code:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth requisite pam_succeed_if.so user != test    # <-- the entry should be added here

Vincenzo
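The ordering in post #4 is what makes the rule hit only the AD account: a local "test" is accepted by the `sufficient` pam_unix.so line before the `requisite` pam_succeed_if.so line is reached, whereas an AD "test" fails pam_unix.so (no local password) and is then stopped before pam_sss.so runs. The following is an added example, not code from the thread or from Linux-PAM: a small simulator of the PAM `auth` control flags (required, requisite, sufficient) over a modelled handful of modules, with constructed local and AD user tables, so you can check a candidate stack offline before editing system-auth-ac. Module behaviour is simplified (pam_unix.so succeeds for any local user, pam_sss.so for any AD user, passwords assumed correct), and `build_stack` is a helper of this example that also shows what happens if the deny line is placed above pam_unix.so.

```python
"""Simulate a PAM ``auth`` stack to check where a pam_succeed_if deny line must sit.

Added example (not from the thread): models the control flags and a few modules
so the effect of the ``user != test`` rule on local versus AD accounts is visible.
"""
from typing import Dict, List, Tuple

# Constructed sample data: local /etc/passwd users and users sssd would return from AD.
LOCAL_USERS: Dict[str, int] = {"root": 0, "oracle": 501, "test": 502}
AD_USERS: Dict[str, int] = {"test": 100001, "alice": 100002, "oracle": 100003}

# The stack from post #4, followed by the pam_sss/pam_deny lines an sssd-joined box has.
SYSTEM_AUTH_AC = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth requisite pam_succeed_if.so user != test
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
"""


def build_stack(deny_users: List[str], deny_before_unix: bool = False) -> str:
    """Hypothetical helper: one 'user != NAME' requisite line per denied account."""
    deny = [f"auth requisite pam_succeed_if.so user != {u}" for u in deny_users]
    unix = ["auth sufficient pam_unix.so nullok try_first_pass",
            "auth requisite pam_succeed_if.so uid >= 500 quiet"]
    middle = deny + unix if deny_before_unix else unix + deny
    lines = ["auth required pam_env.so"] + middle + [
        "auth sufficient pam_sss.so use_first_pass", "auth required pam_deny.so"]
    return "\n".join(lines) + "\n"


def parse_stack(text: str, pam_type: str = "auth") -> List[Tuple[str, str, List[str]]]:
    """Return (control, module, args) for each line of the given type; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 3 or fields[0] != pam_type:
            continue
        rules.append((fields[1], fields[2], fields[3:]))
    return rules


def succeed_if(args: List[str], user: str, uid: int) -> bool:
    """Evaluate the subset of pam_succeed_if conditions used here: 'field op value' triples, ANDed."""
    conds = [a for a in args if a not in ("quiet", "quiet_success", "quiet_fail", "debug")]
    ops = {"=": lambda a, b: a == b, "!=": lambda a, b: a != b,
           ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, "<": lambda a, b: a < b}
    for field, op, value in zip(conds[0::3], conds[1::3], conds[2::3]):
        if field == "user":
            ok = ops[op](user, value)          # string comparison on the login name
        elif field == "uid":
            ok = ops[op](uid, int(value))      # numeric comparison on the uid
        else:
            raise ValueError(f"unsupported field {field}")
        if not ok:
            return False
    return True


def run_module(module: str, args: List[str], user: str, source: str, uid: int) -> bool:
    """Simplified module outcomes: local password only in passwd, AD password only via sssd."""
    if module == "pam_env.so":
        return True
    if module == "pam_unix.so":
        return source == "local"
    if module == "pam_sss.so":
        return source == "ad"
    if module == "pam_deny.so":
        return False
    if module == "pam_succeed_if.so":
        return succeed_if(args, user, uid)
    raise ValueError(f"no model for {module}")


def authenticate(stack_text: str, user: str, source: str) -> Tuple[bool, str]:
    """Walk the auth stack for `user` from 'local' or 'ad'; return (result, module that decided)."""
    uid = (LOCAL_USERS if source == "local" else AD_USERS).get(user)
    if uid is None:
        return False, "unknown user"
    failed_required = None
    for control, module, args in parse_stack(stack_text):
        ok = run_module(module, args, user, source, uid)
        if control == "required" and not ok and failed_required is None:
            failed_required = module           # remembered, but the stack keeps running
        elif control == "requisite" and not ok:
            return False, module               # requisite failure ends the stack at once
        elif control == "sufficient" and ok and failed_required is None:
            return True, module                # sufficient success ends the stack
    return (False, failed_required) if failed_required else (True, "end of stack")


if __name__ == "__main__":
    for who, src in (("test", "local"), ("test", "ad"), ("oracle", "ad"), ("alice", "ad")):
        print(who, src, authenticate(SYSTEM_AUTH_AC, who, src))
    print("deny above pam_unix:", authenticate(build_stack(["test"], True), "test", "local"))
```

Running it shows the local "test" accepted by pam_unix.so and the AD "test" rejected by pam_succeed_if.so, while the AD "oracle" still gets through to pam_sss.so until its own `user != oracle` line is added; moving the deny line above pam_unix.so blocks the local account as well, which is the ordering mistake to avoid.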
