[Gllug] Samba - Add Active Directory User to UNIX Group?

KJS lists at netzensolutions.com
Fri Oct 9 11:49:58 UTC 2009


John Edwards wrote:
> On Fri, Oct 09, 2009 at 11:19:18AM +0100, KJS wrote:
>   
>> Hi Guys,
>>
>> Let me explain my setup... We have a 2003 SBS box and a Samba server, 
>> the 2003 Server does the Active Directory authentication for the Linux 
>> box, which is working fine for samba and local auth and SSH.
>>
>> However, I need to add a user from Active Directory (a virtual user 
>> really), to a local group. Now this does not seem to be easy, I can't 
>> just usermod the Active Directory user to add a group as I get "User not 
>> found in /etc/passwd" or similar error.
>>     
>
> If you really want to add users to a local group, you could try
> editing the /etc/group file using 'vipw -g'.
>
> But it might be better to do this in Active Directory/LDAP for the
> long term, for example if you want to add more Samba servers.
>
>
>   
>> Having poked around on Google I have found that most people are saying 
>> you need to do this from the Active Directory server, but how is the AD 
>> server going to be aware of the Groups on my Linux server??
>>     
>
> Assuming you are accessing Active Directory using libnss_ldap, then
> you can add groups to an ou (usually ou=groups in Linux) as posixGroup
> objects and then add users to them using memberUid attributes.
>
> The tree and attributes that you use are configured in /etc/ldap.conf.
>
> I seem to remember Active Directory mixing users and groups in
> the same ou.
>
> Lots more info can be found if you search Google for 
> Active Directory linux groups:
> 	http://www.google.co.uk/search?hl=en&q=Active+Directory+linux+groups&btnG=Search&meta=
>
> Especially:
> 	http://www.linux.com/archive/articles/40983
>
>
> The most important thing you should do is to not make any changes to
> your live system while testing this, otherwise you are likely to cut
> off access for your live users.
>
>
Thanks John,

I have done everything, however when I right click a user in AD and 
select Properties I don't see any of the following:

# Modify a user object to function as a POSIX user.
a.) Locate and activate the tab that says Unix Settings.
b.) Under Unix Settings, set the UID and GID for the user, as well as 
the home directory location (on the Linux filesystem /home/). Note: You 
will need to ensure that the directory exists with the appropriate user 
object having access to the directory.
c.) Reset the user's password. This causes the AD password and the Unix 
password attributes to synchronize.


I am wondering if this is the source of the problem... The Server is 
2003 SBS (R2 I think).
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
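
Added example, not part of the original post: usermod refused the Active Directory user because the name is not in /etc/passwd, whereas a hand edit of /etc/group with 'vipw -g' performs no such lookup. This Python sketch audits the member lists of a group file after such an edit; the sample file and the two user sets are constructed, and on a real host the sets would have to be filled from /etc/passwd and from the directory.

```python
"""Audit supplementary members listed in an /etc/group-format file."""

# Constructed sample data (not from the thread): 'jsmith' exists only in
# the directory, 'jsmtih' is a typo that resolves nowhere.
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:admin,jsmith
backup:x:34:jsmtih
broken line without fields
"""
LOCAL_USERS = {"root", "admin"}          # assumed: names in /etc/passwd
DIRECTORY_USERS = {"jsmith", "kjones"}   # assumed: names resolved via AD/LDAP


def parse_group(text):
    """Yield (group, gid, members) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        # A valid entry is name:password:gid:member,member,...
        if len(fields) != 4 or not fields[0] or not fields[2].isdigit():
            continue
        members = [m.strip() for m in fields[3].split(",") if m.strip()]
        yield fields[0], int(fields[2]), members


def audit(text, local_users, directory_users):
    """Classify every listed member as local, directory-only or unresolved."""
    report = {"local": [], "directory": [], "unresolved": []}
    for group, _gid, members in parse_group(text):
        for user in members:
            if user in local_users:
                kind = "local"
            elif user in directory_users:
                kind = "directory"
            else:
                kind = "unresolved"  # typo or deleted account
            report[kind].append((group, user))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_GROUP, LOCAL_USERS, DIRECTORY_USERS)
    for kind, pairs in result.items():
        for group, user in pairs:
            print(f"{kind:10} {group}:{user}")
```

Entries reported as "directory" are the hand-added Active Directory users; "unresolved" entries are names that match no account and should be corrected or removed.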