This is an old post.
In case someone like me finds this post after searching the internet, here is the answer for modern days; it works on both Debian and RHEL/CentOS.
To restrict access to users in specified groups, add this line:

    require_membership_of = [SID],[SID],[SID]

Replace each [SID] with the proper AD user or group SID. You can find out which users/groups are assigned which SIDs with this command:

    wbinfo -n [NAME]
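
The two steps above combined into one script, as an added example that is not part of the original post: it resolves each AD name with wbinfo -n and prints the finished require_membership_of line, refusing to print anything if a name does not resolve. The function names are hypothetical, and it assumes wbinfo -n prints the SID as the first field of its output.

```shell
#!/bin/sh
# Added example: build a require_membership_of line from AD user/group names.
# Assumption: `wbinfo -n NAME` prints the SID first, e.g.
#   S-1-5-21-... SID_DOM_GROUP (2)

# Return 0 if $1 has the shape of a SID (S-1-<authority>-<subauthority>...).
is_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'
}

# Resolve one user or group name to its SID; fail if winbind cannot map it
# or if the first output field is not a well-formed SID.
name_to_sid() {
    out=$(wbinfo -n "$1" 2>/dev/null) || return 1
    sid=${out%% *}            # keep only the first space-separated field
    is_sid "$sid" || return 1
    printf '%s\n' "$sid"
}

# Print "require_membership_of = SID,SID,..." for all names given.
# If any name fails to resolve, nothing is printed and the status is
# non-zero, so a typo never silently produces a shorter allow-list.
build_membership_line() {
    list=
    for name in "$@"; do
        sid=$(name_to_sid "$name") || {
            printf 'cannot resolve: %s\n' "$name" >&2
            return 1
        }
        list=${list:+$list,}$sid
    done
    [ -n "$list" ] || return 1   # no names given: refuse to emit an empty list
    printf 'require_membership_of = %s\n' "$list"
}

# Usage: script.sh 'DOMAIN\group' 'DOMAIN\user' ...
if [ "$#" -gt 0 ]; then
    build_membership_line "$@"
fi
```

Quote each name in single quotes on the command line so the shell does not eat the backslash between domain and name.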