Give access to specific Active Directory Groups and local users

YaserMow

7/4/24, 9:12 AM

I have a server which is connected to the active directory, everything works fine (at least I guess) and everyone can access the server with their AD credentials, but I wan only specific group to be able to access the server, I made some changes in /etc/security/access.conf and added the following line +:@MY-GROUP :ALL, and also uncommented the line -:ALL:ALL, but no one is able to login even the local account on the server and I get the error: Connectin closed by Server-IP port SSH-Port, and when I change the line to +:@MY-GROUP ALL:ALL, everyone can access the server

0 + 1

ssh

authentication

active-directory

raj

7/4/24, 2:39 PM

As the man page for `access.conf` says, the sign `@` in this file is used to indicate **netgroups**, which are used by NIS. This is something very different from a "regular" users group in the system. According to the same man page, names of groups should be written in parentheses: `(group)`. Try this.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Give access to specific Active Directory Groups and local users

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.