Question: How to restrict which AD users/groups can log in to our server (CentOS/RHEL 7).
1. Modify the /etc/security/access.conf file. The configuration below denies all other users but allows access for root and testgroup.
+ : Domain\testgroup : ALL
+ : root : ALL
- : ALL : ALL
2. Add the pam_access.so module to /etc/pam.d/system-auth and /etc/pam.d/password-auth.
account required pam_access.so
account required pam_unix.so broken_shadow
3. Please verify the above configuration.
Note: You can allow a user who is not in testgroup by adding the following line to /etc/security/access.conf, above the "- : ALL : ALL" line (pam_access applies the first rule that matches):
+ : testuser : ALL
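
An added example (not part of the original article) for step 3 and the note above: a shell sketch that evaluates access.conf rules in first-match order for a user and its groups, and checks that a PAM file has an active pam_access.so account line. The function names, the users alice and bob, Domain\othergroup and the temporary sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# access_decision FILE USER [GROUP...]: print "allow" or "deny" using the
# first-match rule of pam_access. Assumptions of this sketch: only rules whose
# origin is ALL are modelled, names are whole tokens without spaces compared
# case-insensitively, and EXCEPT, netgroups and (group) syntax are not handled.
access_decision() {
    _file=$1; shift
    # Names go through the environment so awk does not expand "\t" in Domain\testgroup.
    NAMES="$*" awk -F: '
        BEGIN { n = split(tolower(ENVIRON["NAMES"]), want, " ") }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            perm = $1; origin = $3
            gsub(/[ \t]/, "", perm); gsub(/[ \t]/, "", origin)
            if (toupper(origin) != "ALL") next
            m = split(tolower($2), tok, /[ \t]+/)
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (tok[i] != "" && (tok[i] == "all" || tok[i] == want[j])) {
                        print (perm == "+" ? "allow" : "deny"); found = 1; exit
                    }
        }
        END { if (!found) print "allow" }        # no matching rule: access is granted
    ' "$_file"
}

# pam_access_enabled FILE: succeed if FILE has an active account line for pam_access.so.
pam_access_enabled() {
    grep -Eq '^[[:space:]]*account[[:space:]]+[^#]*pam_access\.so' "$1"
}

# Constructed sample files mirroring the configuration above.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/access.conf" <<'EOF'
+ : Domain\testgroup : ALL
+ : root : ALL
- : ALL : ALL
EOF
# Same rules with the testuser exception appended after the deny-all (misordered).
{ cat "$SAMPLE_DIR/access.conf"; echo '+ : testuser : ALL'; } > "$SAMPLE_DIR/misordered.conf"
printf '%s\n' 'account required pam_access.so' \
    'account required pam_unix.so broken_shadow' > "$SAMPLE_DIR/system-auth"

access_decision "$SAMPLE_DIR/access.conf" alice 'Domain\testgroup'
access_decision "$SAMPLE_DIR/access.conf" bob 'Domain\othergroup'
access_decision "$SAMPLE_DIR/misordered.conf" testuser
pam_access_enabled "$SAMPLE_DIR/system-auth" && echo "pam_access is in the account stack"
```

The third call prints deny because the testuser rule sits below the deny-all line, and the END branch shows why the final "- : ALL : ALL" rule is needed at all.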