PDA

View Full Version : Limit AD users Fedora 26



lngammon
7th December 2017, 12:03 AM
Hello everyone! I just got Fedora 26 installed and running. I've also successfully integrated the server with my Active Directory Domain and I can lookup users using "id domain\\user".

My problem is that everyone in the domain can log into the server, they can't make any changes so that's good. However, what I want to do is to limit user accessibility to the server with a security group and the users in that security group I would want them to have admin privileges to the server to do whatever they need. How can I do this?

Thanks!

donatom
9th December 2017, 09:38 PM
Make users who should have administrative privileges members of wheel as explained in: https://docs.fedoraproject.org/f26/system-administrators-guide/basic-system-configuration/Gaining_Privileges.html

Then change /etc/pam.d/su directory so that only members of wheel can use "su" by uncommenting "# auth required pam_wheel.so use_uid" as noted in the /etc/pam.d/su directory.

lngammon
12th December 2017, 06:56 PM
Thanks Donatom. That worked, the users still had to set up a su password but it's linked to AD so it's no big deal.