I'm trying to configure a Redhat 6.x server for Authorization and Authentication to Active Directory (AD) via SSSD- after joining the server I'm able to login with any valid domain credentials.
How do I restrict access to 1 or many AD groups?
Is this set by the access_provider attribute? It's currently set to "ad" - how do I set user permissions?
Will this work for NFSv4 Shares which will be hosted? And accessible both both Windows or Linux?
I think you're asking two different questions. One is who can log in to that machine and yes, by default that's controlled with the access_provider. Until the very recent versions, the access_provider=ad only checked for account expiration. With the recent versions, access_provider=ad can also evaluate group policies for access control.
Many users are OK with just using access_provider=simple, though with a simple ACL of permitted users and groups.
The second question is about accessing NFS shares, which I don't think is too related...the UIDs and GIDs the user has assigned control what files can they access, but mounting the shares is a completely different issue althogether (and I'm not well versed there, so I will leave this part to someone else..)
