- Create a /etc/security/pam_winbind.conf file with the following contents:
[global]
require_membership_of = [SID or NAME]
try_first_pass = yes
- Restart the winbind SMF service:
# svcadm restart winbind
[SID or NAME] is a comma separated list of SID’s and/or AD users and/or AD groups
Example: the AD user jack and the members of the AD group IT-ADMIN are allowed to login in.
[global]
require_membership_of = jack,IT-ADMIN
try_first_pass = yes