Thread: How to add AD user or group to a Local Linux Group

  1. How to add AD user or group to a Local Linux Group

    I have successfully configured my SUSE 11.2 server to work using winbind and restricted access to a select group(s) of users using the require_membership_of=SID in the common_auth file.

    Now I'm trying to assign/add the users in these groups to the local groups in the server to grant them access to certain areas. So far I have been unsuccessful in this.

    What I have tried that has not worked:
    1) net groupmap add the AD group to the local group
    2) manually added the users to the group file using the SAMBA sid and the <domain>/<username>

    Any ideas?

  2. Re: How to add AD user or group to a Local Linux Group

    Hi cisaksen,

    seems you're trying to restrict access to the Linux system (I hope you mean SLES11SP2 - "SUSE 11.2" would generally be considered to be OpenSUSE 11.2) based on winbind-accessible credentials.

    AFAICT, there's no way to add Samba-based users/groups as Linux system users/groups (that's why winbind was introduced in the first place, to *map* between the two worlds) - but you can configure PAM to authenticate against winbind (see http://www.samba.org/samba/docs/man/...ction/pam.html).

    I have never done this on SLES though, so YMMV.

    Regards,
    Jens
    From the times when today's "old school" was "new school"


  3. Re: How to add AD user or group to a Local Linux Group

    Yes SLES11 SP2, and I am using winbind for authentication and the \etc\pam.d\common-auth file to restrict who can login. But once they are logged in I want them to be associated with a particular local group so they can access a directory without the "other/world" permissions set.

    Example:
    drwxrwx___ root mygroup /somedir

    So I want the user who logged in using AD credentials to be associated with the local group "mygroup" so they can access the dir "somedir".

  4. Re: How to add AD user or group to a Local Linux Group

    Hi cisaksen,

    once logged in, the user has a Linux system user id - would adding that id to the appropriate Linux system group help?

    It'd not be mapping the user's AD groups, but a separate group membership level. (you mentioned "local groups", so I guess that is ok.)

    Regards,
    Jens
    From the times when today's "old school" was "new school"
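
A way to verify the result of the suggestion above, as an added example that is not part of the thread: the script resolves a user through NSS (which includes winbind when it is configured), collects the group list the system reports, and says which permission class applies to a directory such as the `drwxrwx--- root mygroup /somedir` case. The function names are hypothetical and the uid/gid numbers in the comments are constructed.

```python
import os
import pwd
import stat
import sys


def access_class(uid, gids, st_uid, st_gid):
    """Return the permission class checked for this user: owner, then group, then other."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"


def can_enter(uid, gids, st_uid, st_gid, mode):
    """Return (class, ok); ok means that class has r+x, i.e. may list and traverse.

    Only one class is ever consulted, so an owner with no bits set is denied
    even if a group would allow access. uid 0 bypasses these checks and is
    not modelled here.
    """
    cls = access_class(uid, gids, st_uid, st_gid)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    return cls, (bits & 0o5) == 0o5


def check_user(name, path):
    """Resolve name via NSS and evaluate path; raises KeyError if NSS cannot resolve it."""
    pw = pwd.getpwnam(name)
    # Primary group plus every supplementary group NSS reports, including
    # memberships listed in the local group file for this exact name.
    gids = set(os.getgrouplist(name, pw.pw_gid))
    st = os.stat(path)
    return can_enter(pw.pw_uid, gids, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    # Constructed illustration: uid 10005 with gids {10000} on a 0770 directory
    # owned by root:1001 yields ("other", False) until gid 1001 is in the list.
    user, directory = sys.argv[1], sys.argv[2]
    cls, ok = check_user(user, directory)
    print(f"{user} on {directory}: class={cls} access={'yes' if ok else 'no'}")
```

Pass the user name exactly as `getent passwd` prints it for the AD account; if the result is still "other" after editing the group file, the name in the group file does not match what NSS returns.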
