How to restrict Active Directory Users/Group to login to Linux client?

Solution Verified - Updated -

Issue

Have a server that allows AD users to login, it creates their home directory, and they can use the system as intended.

  • Would like to limit SSH to a certain group of users.
  • Below is the pam entry:
#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    required     pam_mkhomedir.so skel=/etc/skel umask=0077

Environment

  • Red Hat Enterprise Linux (RHEL)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In