我已经成功配置了LDAP和SSH.此外,我还添加了一个要求用户应该在名为admin的组中的要求.这样可行.
/etc/ldap.conf中用
... pam_groupdn cn=admin,ou=Groups,dc=example,dc=com ...
上将/etc/pam.d/sshd
...default ubuntu values here... ... auth required pam_ldap.so account required pam_ldap.so password required pam_ldap.so session required pam_ldap.so
但是,当无法访问LDAP时,我想在紧急情况下为本地备份用户添加例外.该用户有sudo和authorized_keys.我怎样才能做到这一点?
现在我只能看到此错误消息:
sshd[12345]: fatal: Access denied for user backup by PAM account configuration [preauth]
感谢
https://forum.ubuntuusers.de/topic/pam-so-konfigurieren-dass-lokale-user-nicht-am/的德国朋友.解决方案是:
# Allow local user or LDAP user from admin group account sufficient pam_localuser.so account required pam_ldap.so