Restricting Domain User Login
Scope/Description:
This article will outline how to restrict Domain User login when joined to an Active Directory domain.
Prerequisites:
- Already joined to an Active Directory domain
- See this article on how to join a Domain
Steps:
- Open “/etc/security/pam_winbind.conf” for editing
- Add a membership entry specifying one or more SIDs:
- SIDs or group names should be separated by commas and no spaces. Do not create multiple require_membership_of lines or only the last will be used.
[global]
require_membership_of=sid1,sid2,sid3
- Restart winbind
systemctl restart winbind
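
A check to run before restarting winbind, covering the two pitfalls noted in the steps above (multiple require_membership_of lines, spaces in the list). This is an added example, not part of the original article; check_membership is a hypothetical helper and the SIDs in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article). check_membership is a
# hypothetical helper that lints a pam_winbind.conf for the pitfalls above.
# Returns: 0 ok, 1 no entry, 2 multiple entries, 3 malformed list.
check_membership() {
    conf=$1
    # Active entries only: commented-out lines do not start with the key.
    entries=$(grep -E '^[[:space:]]*require_membership_of[[:space:]]*=' "$conf" || true)
    count=$(printf '%s\n' "$entries" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "no active require_membership_of entry found" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "$count require_membership_of lines: only the last is used" >&2
        return 2
    fi
    value=$(printf '%s\n' "$entries" | sed 's/^[^=]*=[[:space:]]*//')
    # Items must be comma-separated with no spaces around commas and no empty items.
    if [ -z "$value" ] || printf '%s\n' "$value" | grep -Eq '[[:space:]],|,[[:space:]]|^,|,,|,$'; then
        echo "malformed list: '$value'" >&2
        return 3
    fi
    echo "effective restriction: $value"
}

# Constructed sample input (placeholder SIDs, not real values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
require_membership_of=S-1-5-21-1111111111-2222222222-3333333333-1105
require_membership_of=S-1-5-21-1111111111-2222222222-3333333333-1106
EOF
check_membership "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

On a real system, call check_membership /etc/security/pam_winbind.conf and restart winbind only when it returns 0.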