Specifying AD distinguished name (DN=)

Latest response

We've been tasked with limiting access to the RHEL servers to a select group within AD. That group name is "unixadmin".

I'd like to survey the community to hear suggestions on how best to accomplish this. Question / Answers

History: I'm relatively new to RHEL. We're using samba and winbind.



you can either limit the access using the PAM or SSH. It depends.

For the PAM, check the pam_listfile.so module. An example:

auth required pam_listfile.so item=user sense=allow file=/etc/sshd/admins.allow onerr=succeed

For the SSH, check the AllowGroups directive.