I am using SSSD to get user AUTH from a backend Samba4 AD/DC. For Linux clients sssd.conf is configured to query Samba4 AD based on LDAP/Kerberos i.e. the Linux clients have not done a Domain join. Physical console logins -- things are working fine with changes to NSS and PAM (tool authconfig) for domain User AUTH on Linux and Windows clients. However, I want to restrict access to certain machines to users of a specific group e.g. HR. I guess this is possible on Windows clients with group policies. Is the same possible on CentOS (Linux) workstations. TIA, -- Arun Khan