[SSSD-users] Only members of one AD group should have access to Linux login

Hi I have several users in my AD. All of them can now login with ssh to the Linux server which is not intended. In the AD I have the group MyTestGrp. I want only users in that group to have access to this server. Testing on the Linux server provides the information necessary ("admjoin" should not have access): avgjoe@host007:~$ getent passwd admjoin admjoin:*:1905540256:1905400513:AdmJoin:/home/corp.acme.com/admjoin:/bin/... avgjoe@host007:~$ getent group MyTestGrp MyTestGrp:*:1905738908:avgjoe,bob Where should I add MyTestGrp in the configuration files? I have looked around in /etc/sssd/ and /etc/pam.d/ without success. It is working now with sudo for the group members so I guess it should be possible. best regards