Authentication via Pam LDAP

Bweb Authentication system users + Linux System Authentication via Pam LDAP

Its possible to have the following authentication workflow with Bweb: Ldap Authentication + Linux Server Pam + Bweb System Authentication

Linux Server Pam LDAP Authentication

https://wiki.debian.org/LDAP/PAM

https://www.howtoforge.com/linux_ldap_authentication

On Bweb Side Configure Bweb System Users, just check the checkbox of Systems Users Authentication and add bacula to the System Wheel Group.

How to add a wheel group in Linux Server

When a server had to be maintained at a higher level than the day-to-day system administrator, root rights were often required. The ‘wheel’ group was used to create a pool of user accounts that were allowed to get that level of access to the server. If you weren’t in the ‘wheel’ group, you were denied access to root.

Simple speaking, the wheel group is a group of users allowed to access root user.

Let us take an example of Red Hat Linux server. First, make sure there is a wheel group in the /etc/group file.

wheel:x:10:root

If the above line does not exist, add it.

You must put users that you want to be admins into the wheel group. To do this, add the user to the end of the wheel group line. This will make the wheel group a secondary group.

Second, change into the /etc/pam.d directory, and edit the file su.

This file controls the access to the program su and modifies its behaviors during the authentication process. The change will modify the access so that only those in the wheel group have access to the program su.

Find these lines in /etc/pam.d/su:

# Uncomment the following line to require a user to be in the ?wheel? group. #auth required pam_wheel.so use_uid

And change them (as suggested) to this:

# Uncomment the following line to require a user to be in the ?wheel? group. auth required pam_wheel.so use_uid

Then, expand the permissions in sudo to account for those with wheel permissions. Edit the configuration file with visudo and change these lines:

# Uncomment to allow people in group wheel to run all commands # %wheel ALL=(ALL) ALL

To this

# Uncomment to allow people in group wheel to run all commands %wheel ALL=(ALL) ALL

This will allow anyone in the wheel group to execute commands using sudo. It would also allow anyone this sort of access on any machine that they have wheel group membership.