PAM with LDAP and add an exception for local user
7,386
Thanks for our German friends from https://forum.ubuntuusers.de/topic/pam-so-konfigurieren-dass-lokale-user-nicht-am/. The solution is:
# Allow local user or LDAP user from admin group
account sufficient pam_localuser.so
account required pam_ldap.so
Related videos on Youtube
10 : 46
LDAP - PAM Integration & Secure with TLS
13 : 42
How to Create LDAP Users and Groups using LDIF file in OpenLdap Server on Linux
29 : 46
Join ldap clients to server and test user authentication
35 : 02
LDAP Server - LDAP Account Manager - Ubuntu Server 18.04
37 : 36
9 9 Adding End Users with LDAP Synchronization
02 : 26
answer to question 22 (Configure local linux user in addition to LDAP)
01 : 56
DevOps & SysAdmins: PAM with LDAP and add an exception for local user
Author by
kay
Updated on September 18, 2022Comments
-
kay almost 2 years
I've successfully configured LDAP and SSH. Also I've added a requirement that user should be in a group called
admin. That works./etc/ldap.conf
... pam_groupdn cn=admin,ou=Groups,dc=example,dc=com .../etc/pam.d/sshd
...default ubuntu values here... ... auth required pam_ldap.so account required pam_ldap.so password required pam_ldap.so session required pam_ldap.soBUT I would like to add an exception for local
backupuser in emergency case when LDAP is not reachable. This user hassudoandauthorized_keys. How can I achieve that?Right now I can see only this error message:
sshd[12345]: fatal: Access denied for user backup by PAM account configuration [preauth] -
Ev. over 6 yearsCan you be more specific? Which file should this be in?
-
NicoKowe about 4 years
sed -i '1iaccount sufficient pam_localuser.so' /etc/pam.d/login. sed 1i as we need this in the first line
