- On a RHEL host running
sssdconnected to a Windows domain, it is possible for a user to login who should not be permitted login access.
- The login is permitted despite
ad_gpo_implicit_deny = Truebeing set in
- If any GPO has been applied to the RHEL 8 host, regardless if it performs any
sssdrelated changes, the login permissions function correctly and users who should not have access will be denied.
- Red Hat Enterprise Linux (RHEL)
- System Security Services Daemon (SSSD)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.