People,

In CentOS v8 sssd: how do I allow a specific AD security group with a space in its name to log in while denying everything else?

The AD security group is Domain Admins

I have tested the id but nothing is working:

[root@PRDLINUX01-VM ~]# id -g Domain Admins@domain.com
id: extra operand ‘Admins@domain.com’
Try 'id --help' for more information.

[root@PRDLINUX01-VM ~]# id -g 'Domain Admins@domain.com'
id: ‘Domain Admins@domain.com’: no such user

[root@PRDLINUX01-VM ~]# id -g "Domain Admins@domain.com"
id: ‘Domain Admins@domain.com’: no such user

[root@PRDLINUX01-VM ~]# id -g 'Domain Admins'@domain.com
id: ‘Domain Admins@domain.com’: no such user

[root@PRDLINUX01-VM ~]# id -g "Domain Admins"@domain.com
id: ‘Domain Admins@domain.com’: no such user

This is the /etc/sssd/sssd.conf content:

[sssd]
domains = DOMAIN.com
config_file_version = 2
services = nss, pam

[domain/DOMAIN.com]
ad_domain = DOMAIN.com
krb5_realm = DOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ldap
ldap_access_filter = (memberOf=CN=Domain Admins,CN=Groups,DC=DOMAIN,dc=com)

I can only type in the username in PuTTY as Myself.Admin@DOMAIN.com, but then if the password is correct, I get:

---------------------------
PuTTY Fatal Error
---------------------------
Remote side unexpectedly closed network connection
---------------------------
OK   
---------------------------

Strangely, the system can validate the password against AD: if it is false, it will re-prompt me for the correct password. If it is correct, then the connection is closed.

Thank you in advance.

Senior Systems Engineer
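
An added example, not part of the original post: two common ways to restrict logins to one AD group when `id_provider = ad`, shown against the access-control lines from the question. The group DN is copied from the post and is an assumption about the directory; a default AD installation keeps Domain Admins under CN=Users, so confirm the group's real distinguishedName before using Option B.

```ini
# Added example: access-control lines for the [domain/DOMAIN.com] section only.
# All other settings from the posted sssd.conf stay unchanged.

[domain/DOMAIN.com]
id_provider = ad
use_fully_qualified_names = True

# --- As posted (for comparison) ---
# access_provider = ldap
# ldap_access_filter = (memberOf=CN=Domain Admins,CN=Groups,DC=DOMAIN,dc=com)

# --- Option A: simple access provider, allow-list by group name ---
# simple_allow_groups is a comma-separated list, so the space inside
# "Domain Admins" needs no quoting or escaping. Because
# use_fully_qualified_names = True, the name carries the domain suffix.
# When only an allow list is set, every user outside it is denied.
access_provider = simple
simple_allow_groups = Domain Admins@DOMAIN.com

# --- Option B: AD access provider with an LDAP filter ---
# Use instead of Option A (only one access_provider can be active).
# ad_access_filter only takes effect when access_provider is set to "ad".
# The DN must match the group's distinguishedName in AD exactly; the
# value below is the one from the post and may need CN=Users instead.
# access_provider = ad
# ad_access_filter = (memberOf=CN=Domain Admins,CN=Groups,DC=DOMAIN,dc=com)
```

Restart sssd after editing the file. To check that the group resolves, use `getent group 'Domain Admins@DOMAIN.com'`; `id` expects a user name, which is why the `id -g` calls above report "no such user".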