- This topic has 1 reply, 2 voices, and was last updated 1 year, 9 months ago by
.
Viewing 1 reply thread
- Posts
People,
In CentOS v8 sssd: How to allow specific AD security group like Domain Admins with space in the name to log in while denying everything else?
This is the /etc/sssd/sssd.conf content:
[sssd] domains = DOMAIN.com config_file_version = 2 services = nss, pam [domain/DOMAIN.com] ad_domain = DOMAIN.com krb5_realm = DOMAIN.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ldap ldap_access_filter = (memberOf=CN=Domain Admins,CN=Users,DC=DOMAIN,dc=com)
I can only type in the username in Putty as Myself.Admin@DOMAIN.com, but then if the password is correct, I get:
--------------------------- PuTTY Fatal Error --------------------------- Remote side unexpectedly closed network connection --------------------------- OK ---------------------------
Thank you in advance.
Hello,
From what I could see, people are using groups without spacing in the CN. Also, have you tried without spacing in Domain Admins by any chance?
- https://sssd.io/docs/design_pages/active_directory_access_control.html
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/config-sssd-domain-access
Viewing 1 reply thread
- You must be logged in to reply to this topic.
