0

We have one CentOS 8 server where it's integrated with Windows AD so users access it with their Windows credentials. I have a request and need to check out which users and groups are allowed to access it (not all the AD users were authorized). I can check on sudoers file to see who has the rights to run commands, but is there any other place we can check who can ssh to the server? /etc/passwd seems not storing the AD user info.

Many thanks.

Improve this question

1 Answer 1

Reset to default
0

The other place where you can check who can login in to the machine is /etc/sssd/sssd.conf file. There you can find records like:

simple_allow_groups filter_groups

and so on

Improve this answer
3
  • There is also /etc/security/access.conf and because he wants to find who can SSH, /etc/ssh/sshd_config. Commented Dec 13, 2021 at 13:27
  • @NasirRiley, not sure, because we talk about AD groups and usually configs you mention deal with local groups. Commented Dec 13, 2021 at 13:56
  • /etc/security/access.conf can include AD groups and /etc/ssh/sshd_config can be set to authenticate via AD or any other LDAP authentication source. That is how it is configured where I work and has been that way for years. I'm sure that we aren't the only ones. Commented Dec 13, 2021 at 22:47

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.