On Thu, Oct 20, 2016 at 11:14:10AM -0000, Aleksey Maksimov wrote:
Hello SSSD guru`s!
Is there anyone have such experience?
There may be some recommendations or instructions?
With the use of mod_authnz_pam
and Require pam-account pam_service_name, with PAM service configured
to use pam_sss.so, you get SSSD invoked for authorization.
You can then configure SSSD any way it suits your environment -- use
GPOs, or potentially HBAC if you have trust setup with IPA server.
More information about this setup (though not talking about AD
specifically) can be found at
Hope this helps,
Senior Principal Software Engineer, Identity Management Engineering, Red Hat