Ok, thanks, that explains it. All I want is a way to make sure that a user, which I have not explicitly allowed access, is denied. In other words... default behaviour for all logins should always be DENY, regardless of number of GPOs found. Obviously, a GPO that does contain access control rules should override this default behavior.
Right now we are forced to fall back to either "access_provider=simple" or "ad_access_filter" just to make sure that the default behavior for logins are DENY, which unfortunately defeats the whole idea of using GPO for access control. Any advice on how to achieve my desired functionality is appreciated. Thanks! _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
