pam_access.so group restrictions anot working with sssd/realmd

Hey folks

I have set up a machine to use Active Directory. Joining with the realm command is fantastic. I can log in, and everything is rosey.

However I want to restrict access to two specfic groups, and started following:
https://access.redhat.com/solutions/70472

However the pam_access.so doesn't seem to be working. Here is my configs:

Relevant snip from system-auth:
account required pam_access.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

Relevant snip from access.conf:
+ : domain.ie\git-admin : ALL
+ : domain.ie\git-users : ALL
+ : root : ALL
- : ALL : ALL