How to block LDAP users without /home directory


On Red Hat 7.3, I have set up LDAP authentication for users within our company's AD domain. For a small list of pre-selected domain users of the system, I have manually created their home directory in /home. They are able to log in and be in their home directory (not auto mounted).

However, I would like to NOT allow access to other domain users that DO NOT already have a home directory. Currently, other users in the domain can log in, but they are put in /, and I don't want this. Any help?

Thanks,
John

Responses

Why don't you use realm permit to restrict login to only the users who you have created home directories for?

Another possibility is to turn your requirement around: instead of using the home directory to define who can log on, restrict the users and create the home directory automatically.

To restrict users locally on that machine, you can edit /etc/security/access.conf to define who is allowed to log on. To create the home directory, you can use the pam_mkhomedir plugin.
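
An added example, not part of the replies above: a shell function that turns the home directories that already exist into an allow-list in /etc/security/access.conf syntax, ending in a deny-all rule. The function name `gen_access_rules`, the `CHECK_NSS` switch and the choice to keep root allowed are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build a pam_access allow-list from existing home directories.
# gen_access_rules and CHECK_NSS are names invented for this sketch.

gen_access_rules() {
    home_base=${1:-/home}

    # Keep root allowed so an error in the list cannot lock out the local admin.
    printf '+ : root : ALL\n'

    # The trailing slash makes the glob match directories only.
    for dir in "$home_base"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        user=$(basename "$dir")

        # Skip entries that are not plain account names (for example lost+found).
        case $user in
            *[!A-Za-z0-9._-]*) continue ;;
        esac

        # Unless disabled, list only names that resolve through NSS (LDAP or
        # local), so a stale directory does not become an access rule.
        if [ "${CHECK_NSS:-1}" = 1 ]; then
            getent passwd "$user" >/dev/null 2>&1 || continue
        fi

        printf '+ : %s : ALL\n' "$user"
    done

    # pam_access uses the first matching rule, so the deny-all goes last.
    printf -- '- : ALL : ALL\n'
}

# When run as a script with a directory argument, print the rules for review,
# for example: sh gen_access_rules.sh /home > access.conf.new
if [ "$#" -gt 0 ]; then
    gen_access_rules "$1"
fi
```

The rules only take effect once pam_access is in the PAM account stack; on RHEL 7 that can be enabled with `authconfig --enablepamaccess --update`. Review the generated file before installing it, and keep a root session open while testing a login.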
