How to restrict which Active Directory users/groups can log in to a Linux client?


We have a server that allows AD users to log in; it creates their home directories, and they can use the system as intended.

  • Would like to limit SSH to a certain group of users.
  • Below is the PAM entry:
auth       required
auth       include      password-auth
account    required
account    include      password-auth
password   include      password-auth
# close should be the first session rule
session    required close
session    required
# open should only be followed by sessions to be executed in the user context
session    required open env_params
session    optional force revoke
session    include      password-auth
session    required skel=/etc/skel umask=0077


  • Red Hat Enterprise Linux (RHEL)
