[olug] local groups and Active Directory

Mr Scsi mrscsi at gmail.com
Thu Dec 28 21:57:36 UTC 2006


I'm not a big SuSE fan/user so my experience comes from RHEL3/4.
We use LDAP (both OpenLDAP and sun1) for authentication and synchronize AD to
those.
Here's what we have:

In your /etc/nsswitch file, there should be a line for 'group':

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.

passwd: files ldap
group:  files ldap
shadow: files ldap

As long as you list 'files' as a location to get group membership, you
should be able to add the user (maybe manually) to the /etc/group file.

PAM munges all the group membership together.




On 12/28/06, Adam Lassek <adam.lassek at gmail.com> wrote:
>
> SuSE 10.2 lets you configure a Windows Domain during the initial
> setup. I never had to configure anything myself.
>
> I don't see how falling back to local unix files would make a
> difference for my problem, as the Directory authentication works fine.
> Since the user accounts are coming from AD, and not /etc/passwd, they
> are not present in that file. Is there an alternate method for
> assigning local groups?
>
> On 12/28/06, Daniel Pfile <daniel at pfile.net> wrote:
> > Did you set this up yourself or with a wizard? I didn't know samba
> > could authenticate local users without some pam/nss changes. When I
> > worked with pam and ldap a while back you could have it fallback to
> > local unix files when a search in the directory failed. You should be
> > able to modify your groups/nss setup to do that.
> >
> > -- Daniel
> >
> > On Dec 28, 2006, at 3:21 PM, Adam Lassek wrote:
> >
> > > I've run into an interesting problem with SuSE 10.2, or rather,
> > > Samba's AD support. I've configured a machine to attach to the company
> > > Domain, and have been using the Directory for user authentication. It
> > > worked great out of the box, but I need to be able to add a user who
> > > is authenticated through AD into a local group. There doesn't seem to
> > > be any way to do this.
> > >
> > > For instance, the system won't let any unprivileged user access the
> > > sound card unless they are added to the "audio" group. But if the user
> > > is authenticated through AD and not /etc/passwd, is there any way to
> > > do this?
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > http://lists.olug.org/mailman/listinfo/olug
> >
>
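
Added example, not part of the original thread: a small audit for the setup discussed above, which checks that the 'group' line lists 'files' and then reports every /etc/group member that has no local passwd entry, i.e. a directory (LDAP/AD) account that was granted a local group by hand. The function names, the user "jdoe" and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the thread.

# Succeeds if the "group:" line of the given nsswitch.conf lists "files".
group_uses_files() {   # usage: group_uses_files NSSWITCH_FILE
    awk '$1 == "group:" { for (i = 2; i <= NF; i++) if ($i == "files") found = 1 }
         END { exit !found }' "$1"
}

# Print "group:user" for every member named in the group file that has no
# entry in the passwd file, so the account can only come from the directory.
directory_members() {   # usage: directory_members PASSWD_FILE GROUP_FILE
    awk -F: '
        FILENAME == ARGV[1] { local_user[$1] = 1; next }   # passwd: remember local accounts
        $4 != "" {                                          # group: field 4 is the member list
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (!(m[i] in local_user)) print $1 ":" m[i]
        }
    ' "$1" "$2"
}

# Write constructed sample files into directory $1.
# "alice" is a local account; "jdoe" exists only in the directory.
make_sample() {
    printf '%s\n' '# constructed sample' 'passwd: files ldap' \
        'group:  files ldap' 'shadow: files ldap' > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:100:Alice:/home/alice:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'audio:x:17:alice,jdoe' \
        'video:x:33:jdoe' 'users:x:100:' > "$1/group"
}

d=$(mktemp -d)
make_sample "$d"
if group_uses_files "$d/nsswitch.conf"; then
    echo "local group entries held by directory accounts:"
    directory_members "$d/passwd" "$d/group"
else
    echo "'files' is not a group source; /etc/group entries are ignored"
fi
rm -rf "$d"
```

On a real host, pass /etc/nsswitch.conf, /etc/passwd and /etc/group instead of the sample files; the resulting list is worth reviewing periodically, because these memberships are not visible from the directory side.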


