• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Restrict Active Directory Users and Groups to Login to CentOS/RHEL 7 Client

by admin

Question: How to Restrict AD Users/Group to login to our server (CentOS/RHEL 7).

1. Modify the configuration file /etc/security/access.conf file – the below configuration denies all the other user but allows access from root and testgroup.

+ : Domain\testgroup : ALL
+ : root : ALL
- : ALL : ALL

2. Add pam_access.so module in /etc/pam.d/system-auth and /etc/pam.d/password-auth.

account required pam_access.so
account required pam_unix.so broken_shadow

3. Please verify the above configuration.

Note: You can add a user that is not on testgroup by adding the following line on /etc/security/access.conf:

+ : testuser:ALL 

Filed Under: CentOS/RHEL 7, Linux, OEL 7

Some more articles you might also be interested in …

  1. CentOS/RHEL: How to find the package with a missing file using YUM
  2. How to Configure Existing Lvm Volume Group to Use DM-Multipath
  3. kvm-img: command not found
  4. Encrypted vSphere vMotion
  5. CentOS / RHEL : How to setup session idle timeout (inactivity timeout) for ssh auto logout
  6. runlevel Command Examples in Linux
  7. How to use mdadm to create a software mirror on top of multipath devices
  8. CentOS / RHEL 6 : How to limit memory resources for a specific user using cgroups
  9. How to view linux disk partitions (partition table)
  10. nginx 504 gateway time-out

You May Also Like

Primary Sidebar

Recent Posts

  • What are /dev/zero and /dev/null files in Linux
  • grpck command – Remove corrupt or duplicate entries in the /etc/group and /etc/gshadow files.
  • xxd command – Expressed in hexadecimal form
  • sesearch: command not found

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright