How to restrict "su - ad_user" to show "su: Permission denied" for AD users, but allow local users to switch to other local users using su?

Solution Verified - Updated -


  • How to make su command show su: Permission denied for AD users/groups not specified under ad_access_filter ?
  • How to restrict su to AD user and allow to local users only ?


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In