On 11/01/2011 01:38 PM, Stephen Gallagher wrote:
> That's true. You can probably set up netgroups and use pam_access.so to
> accomplish this. I don't know anything about setting up netgroups on
> Active Directory, personally.

AD is (more or less) RFC2307 friendly, so yes, it is possible to set up traditional netgroups in AD - I did not verify their functionality with sssd, though.
So if it was up to me, I would not rape sssd to provide some functionality if the same thing can be accomplished in a more standard Unix-ish way.

Ondrej