45Drives Knowledge Base
KB450274 - Restricting Domain User Login
https://knowledgebase.45drives.com/kb/kb450274-restricting-domain-user-login/

KB450274 - Restricting Domain User Login

Posted on February 22, 2021 by Brett Kelly


Scope/Description

This article will outline how to restrict Domain User login when joined to a Active Directory.

Prerequisites

Steps

vim /etc/security/pam_winbind.conf
require_membership_of=sid1,sid2,sid3
systemctl restart winbind

Verification

Try to login using the command below and confirm they can not connect:

su 'domain\user'

Troubleshooting

KB450274 - Restricting Domain User Login - 45Drives Knowledge Base
Did you know  45Drives offers free  public and private  webinars ? Click here to learn more  & register! Build & Price

KB450274 – Restricting Domain User Login

You are here:
  • KB Home
  • KB450274 – Restricting Domain User Login

Scope/Description

This article will outline how to restrict Domain User login when joined to a Active Directory.

Prerequisites

  • Already joined a Active Directory
    • See this article on how to join a Domain

Steps

  • Open “/etc/security/pam_winbind.conf” for editing
vim /etc/security/pam_winbind.conf
  • Add a membership entry specifying one or more SIDs:
    • SIDs or group names should be separated by commas and no spaces. Do not create multiple require_membership_of lines or only the last will be used.
[global]
require_membership_of=sid1,sid2,sid3
  • Restart winbind
systemctl restart winbind

Verification

Try to login using the command below and confirm they can not connect:

su 'domain\user'

Troubleshooting

Was this article helpful?
Dislike 0
Views: 447
© 2024 - 45Drives Knowledge Base
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access