KB450274 – Restricting Domain User Login

Last modified: June 16, 2021

Restricting Domain User Login

Scope/Description:

This article outlines how to restrict Domain User login on a system that is joined to an Active Directory domain.

Prerequisites:

  • Already joined to an Active Directory domain
    • See this article on how to join a Domain

Steps:

  • Open “/etc/security/pam_winbind.conf” for editing
vim /etc/security/pam_winbind.conf
  • Add a membership entry specifying one or more SIDs:
    • Separate SIDs or group names with commas and no spaces. Do not add more than one require_membership_of line; if there are several, only the last is used.
[global]
require_membership_of=sid1,sid2,sid3
  • Restart winbind
systemctl restart winbind
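
The rules in the steps above (a single require_membership_of line, commas with no spaces around them) can be checked before restarting winbind. The script below is an added example, not part of the original article; the function name check_membership_conf and the sample SIDs are made up for illustration.

```shell
#!/bin/sh
# Added example: lint require_membership_of in a pam_winbind.conf against
# the rules from the steps above. Returns 0 if usable, 1 otherwise.
check_membership_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    # Active (uncommented) setting lines only.
    key='^[[:space:]]*require_membership_of[[:space:]]*='
    count=$(grep -Ec "$key" "$conf" || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no require_membership_of line; logins are not restricted"
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "FAIL: $count require_membership_of lines; only the last is used"
        return 1
    fi
    # Value = text after the first '=', with leading/trailing blanks trimmed.
    value=$(grep -E "$key" "$conf" |
        sed -e 's/^[^=]*=//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case $value in
        ''|,*|*,|*,,*)
            echo "FAIL: empty value or empty list entry"; return 1 ;;
        *[[:space:]],*|*,[[:space:]]*)
            echo "FAIL: whitespace next to a comma"; return 1 ;;
    esac
    # Entries starting with S- must have the usual SID shape (S-1-n-n...).
    bad=$(printf '%s\n' "$value" | tr ',' '\n' | grep -E '^S-' |
        grep -Ev '^S-1-[0-9]+(-[0-9]+)+$' || true)
    if [ -n "$bad" ]; then
        echo "FAIL: malformed SID: $bad"
        return 1
    fi
    echo "OK: require_membership_of=$value"
    return 0
}

# Constructed sample files; the SIDs below are invented for this demo.
dom=S-1-5-21-1111111111-2222222222-3333333333
demo_dir=$(mktemp -d)
printf '[global]\nrequire_membership_of=%s,%s\n' "$dom-1105" "$dom-1106" \
    > "$demo_dir/good.conf"
printf '[global]\nrequire_membership_of=%s\nrequire_membership_of=%s\n' \
    "$dom-1105" "$dom-1106" > "$demo_dir/two_lines.conf"
check_membership_conf "$demo_dir/good.conf" || true
check_membership_conf "$demo_dir/two_lines.conf" || true
```

The pam_winbind.conf man page notes that require_membership_of only operates during password authentication and does not restrict access when no password is required (for example SSH key-based login). For the same reason, on typical PAM configurations su run as root does not exercise the restriction, so run the verification below from a non-root account.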

Verification:

Try to log in as a domain user who is not a member of any of the listed groups, using the command below, and confirm that the login is refused:

su 'domain\user'

Troubleshooting:
