RHEL 7 - Limiting AD logons using Groups

Realmd documentation states you can limit users by using the realm permit command. I need to limit access by AD groups. I am working on it now, but was wondering if anyone had already solved the problem.

In RHEL 6 I use the /etc/security/access.conf file to limit logons.

I intend to try that mechanism, but what would be nice would be that I could limit access to AD groups by using realmd.

Responses

Edward,

Without knowing your configuration I assume you are using realmd to configure SSSD for the authentication/identity.

If this is the case, look for the simple access provider, e.g. the 'simple_allow_groups' option in SSSD (/etc/sssd/sssd.conf); it is a basic way to restrict access to servers based on AD groups.

-edit-

There is a solution here that describes the process:
https://access.redhat.com/solutions/715173

You should be able to use PAM too, as we do in RHEL 6. It may also add more security benefits, especially if your configuration (or local policies) requires more complexity.
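Added example, not part of the original thread: a small audit script that reads an sssd.conf and reports, per enabled domain, whether logons are actually limited by `simple_allow_groups`. The sample file, domain names and group names are constructed for illustration, and the status labels are this example's own.

```python
import configparser

# Constructed sssd.conf for illustration; domain and group names are made up.
SAMPLE_SSSD_CONF = """
[sssd]
domains = example.com, lab.example.com
services = nss, pam

[domain/example.com]
id_provider = ad
access_provider = simple
simple_allow_groups = linux-admins, db-operators

[domain/lab.example.com]
id_provider = ad
access_provider = simple
"""

def split_list(value):
    """Split a comma-separated sssd.conf value into a clean list."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_group_restriction(conf_text):
    """Return {domain: (status, allowed_groups)} for each enabled domain."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    results = {}
    for domain in split_list(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + domain
        if not cp.has_section(section):
            results[domain] = ("missing-section", [])
            continue
        provider = cp.get(section, "access_provider", fallback="").strip()
        groups = split_list(cp.get(section, "simple_allow_groups", fallback=""))
        users = split_list(cp.get(section, "simple_allow_users", fallback=""))
        if provider != "simple":
            # simple_allow_* options are only read by the simple access provider
            status = "not-simple"
        elif groups or users:
            status = "restricted"
        else:
            # no allow list: everyone not explicitly denied is let in
            status = "open"
        results[domain] = (status, groups)
    return results

if __name__ == "__main__":
    for name, (status, groups) in audit_group_restriction(SAMPLE_SSSD_CONF).items():
        print(name, status, ", ".join(groups))
```

A domain reported as `open` or `not-simple` is not being limited by an allow list, even if a `simple_allow_groups` line is present in its section.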
