Reputation: 11
Validate AD user can login using SSSD on SuSE
I have a requirement to validate if a given user can login to a machine. I don't know their password, but the script can elevate to root using sudo. All the users are AD accounts using SSSD.
Everything I've found just validates if the user is valid or not, such as using
id -u. Doing sudo -lu doesn't work if the user has never logged in before and only shows their sudo permissions. I've also tried using ldapsearch, but that only queries the AD server to see if they have the correct profiles, but not necessarily on that server.
Upvotes: 1
Views: 611
Answers (1)
Reputation: 11
Create in the Domain a group with the users you want to allow in the machine and use it in the key simple_allow_groups explained below.
In the /etc/sssd/sssd.conf Add/Modify the following keys:
access_provider = simple # This will allow you to control who can log in the computer using the simple_allow_groups.
simple_allow_groups = groupname1, groupname2 # Domain groupnames allow you to limit the log on permission for just the members of the groups in this option.
Edit the sudoers (using visudo) and add:
%groupname1 ALL=(ALL) NOPASSWD: ALL
This will allow the user to run any command. If you want to limit the commands allowed, see the examples in the sudoers file.
Upvotes: 0
Related Questions
- How to validate if my user has an ADM account based on samaccountname
- Verify AD User Password
- How can I query sssd via PAM in a C program?
- SSSD Integration with Microsoft AD for SSH Key based Login
- Check Login with saml 2.0 authencation
- ADFS STS authentication with console application
- Verifying user is part of ldap/active directory security group
- SSSD Authentication with Samba 4
- C# verify user in Active Directory from Socket conection
- Authentication against remote active directory in java on Linux