{"id":185,"date":"2008-08-29T22:53:06","date_gmt":"2008-08-29T20:53:06","guid":{"rendered":"http:\/\/www.netexpertise.eu\/en\/?p=185"},"modified":"2021-10-23T09:10:40","modified_gmt":"2021-10-23T07:10:40","slug":"restrict-ldap-nis-users","status":"publish","type":"post","link":"http:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html","title":{"rendered":"Restrict LDAP \/ NIS User Access on Unix"},"content":{"rendered":"\n<p>A lot of networks use LDAP or <a href=\"http:\/\/www.linux-nis.org\/nis-howto\/HOWTO\/\" target=\"_blank\" rel=\"noreferrer noopener\">NIS<\/a> to authenticate users on Linux servers and other Unix flavours. There is no policy control by default and all users in the central LDAP database have access to all servers.<br>Access can be restricted to some of the accounts by adding them to the default passwd file if compat mode is set. This works on most of the Unix family: Linux, Solaris, AIX, etc.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><br>nsswitch.conf File Settings<\/h3>\n\n\n\n<p>&#8220;files&#8221; is the passwd setting on a default system. 
Change it to &#8220;compat&#8221; to authenticate against your central user base:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">passwd: compat\npasswd_compat: ldap<\/code><\/pre>\n\n\n\n<p><br>By default, the source is nis, but this may be overridden by specifying nisplus or <a href=\"\/en\/category\/database\/ldap\">LDAP<\/a> as the source for the pseudo-database passwd_compat.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><br>Grant Access to LDAP \/ NIS users<\/h3>\n\n\n\n<p>Once authentication is set to NIS or LDAP, users can be authorized to connect to a specific server by adding an entry to \/etc\/passwd in the following format:<br>+user:x:::::<br>or<br>+@netgroup:x:::::<br>if you have netgroups in your LDAP or NIS user base.<br><br>It is also possible to exclude specific users with -user, and allow everybody else with a single + at the end of \/etc\/passwd. This gives some flexibility in restricting LDAP user access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A lot of networks use LDAP or NIS to authenticate users on Linux servers and other Unix flavours. 
There is no policy control by default and all users in the central LDAP database have access to all servers. Access can be restricted to some of the accounts by adding them to the default passwd file if the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[72,11],"tags":[394,66,392,386,132,393,123],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Netexpertise - Restrict LDAP \/ NIS User Access on Unix<\/title>\n<meta name=\"description\" content=\"In a Linux network with a centralised LDAP \/ NIS user base, restrict and grant access to Unix servers\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netexpertise - Restrict LDAP \/ NIS User Access on Unix\" \/>\n<meta property=\"og:description\" content=\"In a Linux network with a centralised LDAP \/ NIS user base, restrict and grant access to Unix servers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html\" \/>\n<meta property=\"og:site_name\" content=\"Netexpertise\" \/>\n<meta property=\"article:published_time\" content=\"2008-08-29T20:53:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-23T07:10:40+00:00\" \/>\n<meta name=\"author\" content=\"dave\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" 
\/>\n<meta name=\"twitter:creator\" content=\"@netexpertise\" \/>\n<meta name=\"twitter:site\" content=\"@netexpertise\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html\",\"url\":\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html\",\"name\":\"Netexpertise - Restrict LDAP \/ NIS User Access on Unix\",\"isPartOf\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\"},\"datePublished\":\"2008-08-29T20:53:06+00:00\",\"dateModified\":\"2021-10-23T07:10:40+00:00\",\"author\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\"},\"description\":\"In a Linux network with a centralised LDAP \/ NIS user base, restrict and grant access to Unix servers\",\"breadcrumb\":{\"@id\":\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.netexpertise.eu\/en\/systems\/linux\/restrict-ldap-nis-users.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/www.netexpertise.eu\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Restrict LDAP \/ NIS User Access on Unix\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\",\"url\":\"http:\/\/www.netexpertise.eu\/en\/\",\"name\":\"Netexpertise\",\"description\":\"Systems \/ Networks \/ DevOps\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.netexpertise.eu\/en\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\",\"name\":\"dave\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"caption\":\"dave\"},\"sameAs\":[\"http:\/\/www.netexpertise.eu\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/185"}],"collection":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/comments?post=185"}],"version-history":[{"count":0,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/185\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/media?parent=185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/categories?post=185"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/tags?post=185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}