[Gllug] Samba - Add Active Directory User to UNIX Group?

John Edwards john at cornerstonelinux.co.uk
Fri Oct 9 11:40:06 UTC 2009


On Fri, Oct 09, 2009 at 11:19:18AM +0100, KJS wrote:
> Hi Guys,
> 
> Let me explain my setup... We have a 2003 SBS box and a Samba server, 
> the 2003 Server does the Active Directory authentication for the Linux 
> box, which is working fine for samba and local auth and SSH.
> 
> However, I need to add a user from Active Directory (a virtual user 
> really), to a local group. Now this does not seem to be easy, I can't 
> just usermod the Active Directory user to add a group as I get "User not 
> found in /etc/passwd" or similar error.

If you really want to add users to a local group, you could try
editing the /etc/group file using 'vipw -g'.

But it might be better to do this in Active Directory/LDAP for the
long term, for example if you want to add more Samba servers.


> Having poked around on google I have found that most people are saying 
> you need to do this from the Active Directory server, but how is the AD 
> server going to be aware of the Groups on my Linux server??

Assuming you are accessing Active Directory using libnss_ldap, then
you can add groups to an ou (usually ou=groups in Linux) as posixGroup
objects and then add users to them using memberUid attributes.

The tree and attributes that you use are configured in /etc/ldap.conf.

I seem to remember that Active Directory mixes users and groups in
the same ou.

Lots more info can be found if you search Google for 
Active Directory linux groups:
	http://www.google.co.uk/search?hl=en&q=Active+Directory+linux+groups&btnG=Search&meta=

Especially:
	http://www.linux.com/archive/articles/40983


The most important thing you should do is to not make any changes to
your live system while testing this, otherwise you are likely to cut
off access for your live users.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
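
Added example, not part of the original message: a small offline model of the two options discussed in the reply above, a local /etc/group entry naming the AD user and a posixGroup entry with memberUid attributes, showing which groups a user ends up in when both sources are consulted. The group names, gids, DNs and the assumption that group lookups use both files and LDAP are constructed for illustration; it reads only the embedded sample text, so it can be run without touching a live system.

```python
# Constructed sample data; all names, gids and DNs are hypothetical.
ETC_GROUP = """\
root:x:0:
backup:x:34:alice
projects:x:1001:alice,bob
"""

LDIF = """\
dn: cn=projects-ldap,ou=groups,dc=example,dc=local
objectClass: posixGroup
cn: projects-ldap
gidNumber: 20001
memberUid: alice
memberUid: carol

dn: cn=staff,ou=groups,dc=example,dc=local
objectClass: posixGroup
cn: staff
gidNumber: 20002
memberUid: bob
"""

def local_groups(text):
    """Parse /etc/group lines into {name: (gid, members)}."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def ldap_groups(ldif):
    """Parse posixGroup entries from LDIF into {cn: (gidNumber, memberUids)}."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        if "posixGroup" in attrs.get("objectClass", []):
            gid = int(attrs["gidNumber"][0])
            groups[attrs["cn"][0]] = (gid, set(attrs.get("memberUid", [])))
    return groups

def memberships(user, sources):
    """Groups listing `user` in any source (simplified model of a merged lookup)."""
    return sorted({name for src in sources
                   for name, (_gid, members) in src.items() if user in members})
```

Calling memberships("alice", [local_groups(ETC_GROUP), ldap_groups(LDIF)]) lists every group that grants alice access from either source, which is the set to review before and after a change.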