I ran into a similar requirement when trying to figure out how to leverage Active Directory for BlogEngine.NET. After spending some time researching I was able to use Active Directory user accounts with the Basic Authentication .NET Membership framework.
This worked on my domain member web server but could easily work for non-domain member servers assuming you add the username and password to the configuration section of the web.config.
From my blog post about how to configure:
Add an entry into the section pointing to your domain controller.
<add name="ADConnectionString" connectionString="LDAP://server.domain.com/DC=domain,DC=com" />
Notice the first part of the LDAP:// syntax specifies the name of the domain controller (server.domain.com). You have a couple of options here. You can specify the Fully Qualified Domain Name as shown in the example; you can specify the relativeDistinguishedName (ex. server); you can specify the IP Address of the domain controller (ex. 192.168.1.10); or for more redundancy you can specify just the domain name (ex. domain.com).
Make your section look like the following:
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <add name="MyADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="true"/>
  </providers>
</membership>
You will notice that I did not configure a username and password for connecting into Active Directory. That's because I am running BlogEngine on a domain member server and the IIS services are running under an application pool using the Network Services account. If you must use explicit credentials then you can add connectionUsername and connectionPassword to the MyADMembershipProvider entry with the appropriate information.
try
dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members
Best Answer
If you would like to use pam_access in Red Hat, CentOS and so on, first you need to include the module in your PAM configuration as follows.
Now you can configure which users can use your server.
My example rules
If you use DOMAIN\ syntax in front of the users and groups, that would say you are using winbind for the AD join. I'm using pam_ldap with SFU on the Windows side; for this reason in my comments I don't use the domain.
Now you have configured PAM for the users' access control, but now you need to be sure that sshd is using PAM.
If UsePAM isn't yes, you need to change this to yes and restart the sshd service.
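An added example, not part of the original answer: a shell audit of the three settings this answer walks through (pam_access.so in the sshd PAM stack, the rules in access.conf, and UsePAM in sshd_config). The file contents and the group name sshadmins are constructed samples; on a real host the files are normally /etc/ssh/sshd_config, /etc/pam.d/sshd and /etc/security/access.conf.

```shell
#!/bin/sh
# Added example: audits the three settings the answer configures.
# Paths are arguments so the checks can run on copies of the real files.

# sshd honours the first occurrence of a keyword; keywords are case-insensitive.
usepam_enabled() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "usepam" { v = tolower($2); exit }
         END { exit !(v == "yes") }' "$1"
}

# An active (uncommented) account line must load pam_access.so.
pam_access_loaded() {
    grep -Eq '^[[:space:]]*account[[:space:]]+.*pam_access\.so' "$1"
}

# pam_access applies the first matching rule and grants access when no rule
# matches, so the last active rule should be the catch-all deny.
ends_with_deny_all() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { last = $0 }
         END { gsub(/[ \t]/, "", last); exit !(last == "-:ALL:ALL") }' "$1"
}

audit_ssh_access() {  # args: sshd_config, PAM sshd file, access.conf
    rc=0
    usepam_enabled "$1"     || { echo "FAIL: UsePAM is not yes in $1"; rc=1; }
    pam_access_loaded "$2"  || { echo "FAIL: pam_access.so not active in $2"; rc=1; }
    ends_with_deny_all "$3" || { echo "FAIL: $3 has no final '- : ALL : ALL'"; rc=1; }
    return "$rc"
}

# Constructed sample files; "sshadmins" is a hypothetical group name.
make_samples() {
    printf '%s\n' '#UsePAM no' 'UsePAM yes' > "$1/sshd_config"
    printf '%s\n' 'auth required pam_sepermit.so' \
                  'account required pam_access.so' > "$1/pam_sshd"
    printf '%s\n' '+ : root : LOCAL' '+ : (sshadmins) : ALL' \
                  '- : ALL : ALL' > "$1/access.conf"
}

d=$(mktemp -d) && make_samples "$d"
audit_ssh_access "$d/sshd_config" "$d/pam_sshd" "$d/access.conf" && echo "PASS"
rm -rf "$d"
```

Run it against copies of the live files after each change; a missing final deny rule is the failure that is easiest to overlook, because logins for unlisted users keep working.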