Thanks a lot, it works. Changed
simple_allow_groups = Simple Users(a)FOOBAR.GLOBAL
to
simple_allow_groups = Simple Users(a)FOOBAR_NOLOGIN.GLOBAL
and it works as intended.
One thing to keep in mind: These AD users must now be referenced in Linux (e.g.
in /etc/sudoers) not by their AD domain
If you're reading this via web, note that the @ sign got mutated to (a) in the
simple_allow_groups configuration lines.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to