PAM with LDAP and add an exception for local user
Thanks to our German friends from https://forum.ubuntuusers.de/topic/pam-so-konfigurieren-dass-lokale-user-nicht-am/. The solution is:
# Allow local user or LDAP user from admin group
account sufficient pam_localuser.so
account required pam_ldap.so
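Why the order of these two account lines matters, as an added example that is not part of the original answer: a simplified Python model of the `required` and `sufficient` control flags. The function names are hypothetical, and module outcomes are constructed inputs rather than real PAM calls.

```python
# Added example: simplified model of how PAM walks the "account" stack.
# Module outcomes are constructed inputs; no real PAM module is called.

def parse_account_stack(config):
    """Return [(control, module)] for the 'account' lines of a PAM service file."""
    stack = []
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 3 and fields[0].lstrip("-") == "account":
            stack.append((fields[1], fields[2]))
    return stack

def account_allowed(stack, results):
    """Apply 'required'/'sufficient' semantics; results maps module -> True/False."""
    required_failed = False
    saw_success = False
    for control, module in stack:
        ok = results[module]
        if control == "required":
            if ok:
                saw_success = True
            else:
                required_failed = True   # remembered; the stack keeps running
        elif control == "sufficient":
            if ok and not required_failed:
                return True              # stop here; later modules never run
            # a failing 'sufficient' module is simply ignored
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return saw_success and not required_failed

# The stack from the answer, the question's stack, and the wrong order.
FIXED = "account sufficient pam_localuser.so\naccount required pam_ldap.so\n"
ORIGINAL = "account required pam_ldap.so\n"
REVERSED = "account required pam_ldap.so\naccount sufficient pam_localuser.so\n"

# Constructed outcomes: who is asking, and whether LDAP answers.
LOCAL_USER_LDAP_DOWN = {"pam_localuser.so": True, "pam_ldap.so": False}
LDAP_USER_LDAP_DOWN = {"pam_localuser.so": False, "pam_ldap.so": False}
LDAP_ADMIN_LDAP_UP = {"pam_localuser.so": False, "pam_ldap.so": True}

if __name__ == "__main__":
    for name, cfg in (("fixed", FIXED), ("original", ORIGINAL), ("reversed", REVERSED)):
        allowed = account_allowed(parse_account_stack(cfg), LOCAL_USER_LDAP_DOWN)
        print(f"{name:9s} local user, LDAP down -> {'allowed' if allowed else 'denied'}")
```

Because `pam_localuser.so` succeeds for every account listed in /etc/passwd, this stack exempts all local users from the `pam_groupdn` check, not only `backup`.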
Author by
kay
Updated on September 18, 2022
Comments
-
kay almost 2 years
I've successfully configured LDAP and SSH. Also I've added a requirement that user should be in a group called admin. That works.
/etc/ldap.conf
... pam_groupdn cn=admin,ou=Groups,dc=example,dc=com ...
/etc/pam.d/sshd
...default ubuntu values here...
...
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
session required pam_ldap.so
BUT I would like to add an exception for local backup user in emergency case when LDAP is not reachable. This user has sudo and authorized_keys. How can I achieve that?
Right now I can see only this error message:
sshd[12345]: fatal: Access denied for user backup by PAM account configuration [preauth]
-
Ev. over 6 years
Can you be more specific? Which file should this be in?
-
NicoKowe about 4 years
sed -i '1iaccount sufficient pam_localuser.so' /etc/pam.d/login. sed 1i as we need this in the first line