Ok, I could do this, but it involves changing sssd configuration.
The GPO is much nicer solution - is it now working? It is not clear from the documentation
whether it is still a "wish list" or not...
[mailto:firstname.lastname@example.org] On Behalf Of Dmitri Pal
Sent: 16 July 2015 16:42
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Reject new users form logging in
On 07/16/2015 10:24 AM, Lukas Slebodnik wrote:
On (16/07/15 14:07), Ondrej Valousek wrote:
> Well, can we use HBAC with AD backend?
> Don’t think so….
You can use GPO with recent version of sssd.
But you can also use the basic LDAP based access control that relies on a filter.
See sssd-ldap. Search for "filter". There are some restrictions though.
Director of Engineering for IdM portfolio Red Hat, Inc.
sssd-users mailing list
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.