
software:kerberos:crossrealm:8_setup_netgroups
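# access control is done with netgroups
# on the client change /etc/pam.d/ssh (pam_access.so has to come before the "sufficient" pam_ldap.so line,
# otherwise a successful pam_ldap.so ends the account stack before access.conf is consulted):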
---------------
account required pam_access.so         # defaultfile /etc/security/access.conf
account sufficient pam_ldap.so
---------------

# on the client change /etc/security/access.conf :
---------------
+:root localuserx chris:ALL
+:@admins:ALL
-:ALL:ALL
---------------
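# this enables local users root, localuserx and chris to log in, as well as members of netgroup admins
# rules are evaluated top to bottom and the first match wins, so the final -:ALL:ALL denies everybody else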

# on client edit /etc/nsswitch.conf :
---------------
netgroup:       ldap
---------------

# add netgroup admins to the ldap directory and add the users as nisNetgroupTriple entries
# (host,user,domain - an empty field matches anything):
---------------
dn: ou=netgroup,dc=fluxcoil,dc=net
ou: netgroup
objectClass: organizationalUnit
objectClass: top

dn: cn=admins,ou=netgroup,dc=fluxcoil,dc=net
objectClass: nisNetgroup
objectClass: top
cn: admins
description: all admins
nisNetgroupTriple: (,chorn,)
nisNetgroupTriple: (,tester0,)
---------------

# edit /etc/ldap.conf : 
---------------
nss_base_netgroup ou=netgroup,dc=fluxcoil,dc=net
---------------


# now only the local users
# root, localuserx and chris can log onto the client, plus members of
# netgroup @admins - which is stored in ldap