My scenario is I have linux hosts authenticating aginst Active Directory. All the AD users are part of a domain group called "Domain Users". This opens access to everyone who has account in AD. What I am trying to do is all local users(/etc/passwd) should be able to login w/o any restrictions using ssh, but the domain users I like to restrict based on AD groups. I am not quite sure how to do this. AllowGroups/Allowusers <All Local Users> -- I dont to want list all local users as its huge AllowGroup <AD_group_1> - -Allow all members of this group to login. Remember all these users are member of "Domain Users" as well. Deny Group <Domain Users> Version - OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 I hope you are able to help me resolve this. Thank you very much in advance. cheers, ~MK
