Re: AllowGroups (SSHD) not working with kerberos or winbind

Reese,Richard Stephen wrote:
I'm trying to allow a specific group in our Active Directory Domain to
ssh into a server (openssh-server-3.9p1-8.RHEL4.12) we have. If the line
is commented out then it works fine, but any user in our domain may
login if they have a account on the system. When the directive is
uncommented to become active no user can login.

I can view users and groups using wbinfo -u or -g. Any recommendations?

Have you configured /etc/nsswitch.conf to look up active directory groups (presumably via nss_ldap)?

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: Hacker activity?
    ... >login to a server, most as root but some are attempts to login to ... >telnet, all come from the same remote server, and all fail. ... >getting some odd cgi calls to a script on a secure ssl server. ... Make sure root cannot login to your system via ssh. ...
  • Public Authentication Problem on Batch Job using SCP2 when SSH Client Reboot
    ... to a SSH server, HOST2. ... for secure ftp login. ... The login ID is a local user account ... we found that scp2 run failed every time the SSH client ...
  • Re: restrict ssh access
    ... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
  • Re: NX authentication error
    ... shipped key from server to client. ... when I login via nxclient, after pass steps Connected, download ... problem is with USER1 account. ... nxuser only creates an ssh tunnel. ...
  • Re: Hyperthreading security flaw was: Hyperthreading; was Re: New to Linux. Im not impressed :(
    ... In the case of a multi-user server where users ... login via SSH, a legitimate user could log in, provoke the SSH ... gain more out of the stolen hostkey. ...