On 18.04.2019 13:19, Dmitry Donskih wrote:
Hello everyone, I have a terminal server with sssd-ldap setup, users authenticate to Active Directory. Now I need to restrict users' access to AD server with LDAP from their terminal sessions. My idea is to define one privileged source IP port which is used only by SSSD when connecting to AD, and block connections originating from other ports.
Use FW on AD server allowing access only from a specific port or less secure solution to filter outgoing traffic with iptables on terminal server allowing specific source port only.
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
