realm permit -g not limiting login groups
Solution 1
I also ran into the same problem and what fixed it for me is to first deny all the users using:
realm deny --all
and when all users are denied I used the realm permit to allow the desired group:
realm permit -g usergroup@domain
Solution 2
As Rajneesh Gadge said, you would have to deny first.
Then the good behaviour will come with the right AD group name.
For example, in AD the group "Domain Administrators" will be caught with:
realm permit --groups domain\ admins
And it does not work with: realm permit --groups Domain\ Administrators
BTW I don't really know how to retrieve this "short name" for groups...
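An added example, not part of the original answers: a shell check that reads `realm list` output, confirms the login-policy, and tests whether each name in permitted-groups resolves with `getent group`. The sample output, the example.com domain and the function names are constructed for illustration, and it assumes `realm list` separates permitted groups with commas.

```shell
# Constructed sample of `realm list` output (not captured from a real host).
SAMPLE_REALM_LIST='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  login-policy: allow-permitted-logins
  permitted-logins: 
  permitted-groups: domain admins@example.com, Domain Administrators@example.com'

# Print the value of one "key: value" field from realm list text on stdin.
realm_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Assumption: a permitted group must resolve through NSS (getent) to match anyone.
resolve_group() {
    getent group "$1" >/dev/null 2>&1
}

# Read realm list text on stdin, print one finding per line.
# Returns 0 only if logins are restricted and every permitted group resolves.
audit_realm_policy() {
    text=$(cat)
    policy=$(printf '%s\n' "$text" | realm_field login-policy)
    groups=$(printf '%s\n' "$text" | realm_field permitted-groups)
    rc=0
    if [ "$policy" = "allow-permitted-logins" ]; then
        echo "OK login-policy is allow-permitted-logins"
    else
        echo "FAIL login-policy is '$policy'"; rc=1
    fi
    if [ -z "$groups" ]; then
        echo "FAIL permitted-groups is empty"; rc=1
    fi
    # Group names can contain spaces, so split on commas only
    # (assumes realm list separates entries with ", ").
    oldifs=$IFS; IFS=,
    for g in $groups; do
        g=$(printf '%s' "$g" | sed 's/^ *//; s/ *$//')
        if resolve_group "$g"; then
            echo "OK group resolves: $g"
        else
            echo "FAIL group does not resolve: $g"; rc=1
        fi
    done
    IFS=$oldifs
    return $rc
}
```

On a joined host, run it as `realm list | audit_realm_policy`; a FAIL line for a group means the name stored in permitted-groups is not one the system can look up.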
Tikiman163
Updated on June 04, 2022
I've set up a Raspberry Pi 2 B with a Fedora 23 distro, and I've been able to successfully join it to our Active Directory domain using realmd's realm join. I am attempting to limit who may log in by Active Directory group. After running:
# realm permit -g adgroup@domain
Anyone with a domain account is able to log in regardless of whether they are members of the group. I've run realm list and verified the login-policy is set to allow-permitted-logins and the desired group is part of permitted-groups.
The specific Linux distro is Fedora-23-remix-rpi2-xfce-1-raw
If anyone else has run into this problem, I would greatly appreciate the help.