• Status: Solved

SSH login through PAM using {Winbind, Kerberos, LDAP} based on Active Directory group memberships

Hi, I'm looking to make our administration of Linux machines easier by connecting our Linux boxes to our Active Directory to use our admin user accounts from AD to log onto the Linux boxes as well.

Right now users can log into the boxes via SSH using their Windows accounts through PAM. Unfortunately this allows all Windows users to log onto the boxes, which is quite unnecessary.

How can I reduce the ability for Windows accounts to log onto a Linux box through Active Directory group memberships? What I'm looking for is something based on winbind, LDAP or Kerberos which allows only members of a group linuxAdmins to log onto the Linux server, su'ing locally to a root account if necessary.

I'm looking at Debian 5 as the Linux platform right now.
Asked:
mgoellner
1 Solution
 
Nopius Commented:
> What I'm looking for is something based on winbind, LDAP or Kerberos which allows only members of a group linuxAdmins to log onto the Linux server, su'ing locally to a root account if necessary.

In /etc/ssh/sshd_config add
AllowGroups linuxAdmins

and restart sshd, 'man sshd_config'
 
mgoellner (Author) Commented:
hmm, too easy, thank you

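A way to verify the AllowGroups restriction from Nopius's answer, as an added example that is not part of the original thread: the hypothetical helper ssh_group_check reads an sshd configuration (the file itself, or saved `sshd -T` output) and reports whether any of a user's groups matches. The sample configuration and group lists are constructed; case-sensitive matching is an assumption of this sketch, and negated (`!`) patterns are not handled.

```shell
#!/bin/sh
# ssh_group_check CONFIG GROUP...   (hypothetical helper, not part of OpenSSH)
# CONFIG: sshd_config or saved `sshd -T` output; GROUP...: the user's groups
# exactly as NSS reports them (e.g. from `id -Gn USER`).
# Returns 0 = a group matches AllowGroups, 1 = no match (login refused),
#         2 = no AllowGroups directive (no group restriction in effect).
# Assumptions: case-sensitive match, '*'/'?' wildcards only, no '!' negation.
ssh_group_check() {
    cfg=$1; shift
    found=0
    set -f                      # do not glob-expand patterns while splitting
    while read -r kw rest; do
        # sshd keywords are case-insensitive; commented-out lines never match
        case $(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]') in
            allowgroups) found=1 ;;
            *) continue ;;
        esac
        for pat in $rest; do
            for g in "$@"; do
                case $g in
                    $pat) set +f; return 0 ;;
                esac
            done
        done
    done < "$cfg"
    set +f
    [ "$found" -eq 1 ] && return 1
    return 2
}

# Constructed sample configuration and group lists (not from the thread).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
Port 22
UsePAM yes
AllowGroups linuxAdmins
EOF

for groups in "domain users:linuxAdmins" "domain users"; do
    old_ifs=$IFS; IFS=:; set -- $groups; IFS=$old_ifs
    if ssh_group_check "$demo_cfg" "$@"; then
        echo "allowed: $groups"
    else
        echo "refused: $groups"
    fi
done
rm -f "$demo_cfg"
```

A return value of 2 corresponds to the situation described in the question, where every account that PAM authenticates can log in over SSH.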