[Gllug] Samba - Add Active Directory User to UNIX Group?
Bruce Richardson
itsbruce at workshy.org
Fri Oct 9 12:31:58 UTC 2009
On Fri, Oct 09, 2009 at 11:19:18AM +0100, KJS wrote:
> Hi Guys,
>
> Let me explain my setup... We have a 2003 SBS box and a Samba server,
> the 2003 Server does the Active Directory authentication for the Linux
> box, which is working fine for samba and local auth and SSH.
>
> However, I need to add a user from Active Directory (a virtual user
> really), to a local group. Now this does not seem to be easy, I can't
> just usermod the Active Directory user to add a group as I get "User not
> found in /etc/passwd" or similar error.
Winbind will solve this for you: samba, winbind, pam. If you install
samba, make the server part of the domain and use winbind to give domain
users and groups local uids and gids, then the Linux box will be able to
resolve Doman User/Group names into uids. It's then perfectly possible
to add domain users to local unix groups or have sudo rules that enable
members of domain groups to do actions X, Y and Z.
Pam is needed for local/ssh login, for password changes and for
automatically creating home directories when domain users connect.
In the office at work, we have user management in Active Directory
(legacy decision) but all the development environment is Linux. On our
build servers, if I type 'getent group', it lists all the domain groups
as well as the local ones, 'getent passwd' gives domain and local
usernames etc.
--
Bruce
If the universe were simple enough to be understood, we would be too
simple to understand it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20091009/4fd793fc/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list