On 18.04.2019 13:19, Dmitry Donskih wrote:
> Hello everyone,
> I have a terminal server with an sssd-ldap setup; users authenticate to Active Directory.
> Now I need to restrict users' access to the AD server with LDAP from their terminal
> sessions.
> My idea is to define one privileged source IP port which is used only by SSSD when
> connecting to AD, and block connections originating from other ports.

Use a FW on the AD server allowing access only from a specific port or, as a less
secure solution, filter outgoing traffic with iptables on the terminal
server, allowing a specific source port only.