# this is done with netgroups

# on the client change /etc/pam.d/ssh :
---------------
account required pam_access.so # defaultfile /etc/security/access.conf
account sufficient pam_ldap.so
---------------
# sshd only evaluates this account stack when UsePAM is enabled in sshd_config

# on the client change /etc/security/access.conf :
---------------
+:root localuserx chris:ALL
+:@admins:ALL
-:ALL:ALL
---------------
# this enables local users root, localuserx and chris to log in, as well as members of netgroup admins
# pam_access applies the first rule that matches, so the -:ALL:ALL line has to stay last

# on the client edit /etc/nsswitch.conf :
---------------
netgroup: ldap
---------------

# add netgroup admins in the ldap directory, add users:
---------------
dn: ou=netgroup,dc=fluxcoil,dc=net
ou: netgroup
objectClass: organizationalUnit
objectClass: top

dn: cn=admins,ou=netgroup,dc=fluxcoil,dc=net
objectClass: nisNetgroup
objectClass: top
cn: admins
description: all admins
nisNetgroupTriple: (,chorn,)
nisNetgroupTriple: (,tester0,)
---------------

# edit /etc/ldap.conf :
---------------
nss_base_netgroup ou=netgroup,dc=fluxcoil,dc=net
---------------

# now only the local users
# root, localuserx and chris can log onto the client, and members of
# netgroup @admins - which is kept in the ldap directory