[olug] local groups and Active Directory

Adam Lassek adam.lassek at gmail.com
Thu Dec 28 22:34:09 UTC 2006


OK, I see how it works. This is what Daniel was getting at, I just
wasn't following. Thanks for your help.

On 12/28/06, Mr Scsi <mrscsi at gmail.com> wrote:
> I'm not a big suse fan/user so my experience comes from RHEL3/4.
> We use ldap (both openldap and sun1) for authentication and synchronize AD to
> those.
> Here's what we have:
>
> In your /etc/nsswitch file, there should be a line for 'group'
>
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
>
> passwd: files ldap
> group:  files ldap
> shadow: files ldap
>
> As long as you list 'files' as a location to get group membership, you
> should be able to add the user (maybe manually) to the /etc/group file.
>
> PAM munges all the group membership together.
>
> On 12/28/06, Adam Lassek <adam.lassek at gmail.com> wrote:
> >
> > SuSE 10.2 lets you configure a Windows Domain during the initial
> > setup. I never had to configure anything myself.
> >
> > I don't see how falling back to local unix files would make a
> > difference for my problem, as the Directory authentication works fine.
> > Since the user accounts are coming from AD, and not /etc/passwd, they
> > are not present in that file. Is there an alternate method for
> > assigning local groups?
> >
> > On 12/28/06, Daniel Pfile <daniel at pfile.net> wrote:
> > > Did you set this up yourself or with a wizard? I didn't know samba
> > > could authenticate local users without some pam/nss changes. When I
> > > worked with pam and ldap a while back you could have it fallback to
> > > local unix files when a search in the directory failed. You should be
> > > able to modify your groups/nss setup to do that.
> > >
> > > -- Daniel
> > >
> > > On Dec 28, 2006, at 3:21 PM, Adam Lassek wrote:
> > >
> > > > I've run into an interesting problem with SuSE 10.2, or rather,
> > > > Samba's AD support. I've configured a machine to attach to the company
> > > > Domain, and have been using the Directory for user authentication. It
> > > > worked great out of the box, but I need to be able to add a user who
> > > > is authenticated through AD into a local group. There doesn't seem to
> > > > be any way to do this.
> > > >
> > > > For instance, the system won't let any unprivileged user access the
> > > > sound card unless they are added to the "audio" group. But if the user
> > > > is authenticated through AD and not /etc/passwd, is there any way to
> > > > do this?
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > http://lists.olug.org/mailman/listinfo/olug
> > >
>
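
Added example, not part of the original thread: a small audit of the setup described above, where a directory-authenticated account is granted a local group by editing /etc/group. It checks that `files` is a source for `group` in nsswitch.conf and lists local group members that have no /etc/passwd entry. The account names and file contents are constructed for illustration.

```python
import re

# Constructed sample file contents (not taken from any real host).
NSSWITCH = "passwd: files ldap\ngroup:  files ldap\nshadow: files ldap\n"
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "localadmin:x:1000:100:Local Admin:/home/localadmin:/bin/bash\n"
)
GROUP = (
    "root:x:0:\n"
    "audio:x:17:localadmin,aduser\n"   # aduser is a hypothetical directory account
    "video:x:33:aduser\n"
    "wheel:x:10:localadmin\n"
)

def nss_sources(nsswitch_text, database):
    """Return the ordered source list for one nsswitch.conf database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if line.startswith(database + ":"):
            sources = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return sources.split()                    # action items like [NOTFOUND=return] removed
    return []

def directory_members(group_text, passwd_text):
    """Map each local group to members that are not defined in the local passwd file."""
    local = {l.split(":")[0] for l in passwd_text.splitlines() if l and not l.startswith("#")}
    found = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) != 4 or line.startswith(("#", "+", "-")):
            continue                                  # skip comments, compat entries, malformed lines
        extra = sorted(m for m in fields[3].split(",") if m and m not in local)
        if extra:
            found[fields[0]] = extra
    return found

def audit(nsswitch_text, group_text, passwd_text):
    """Report non-local members of local groups, if /etc/group is consulted at all."""
    if "files" not in nss_sources(nsswitch_text, "group"):
        return {}                                     # local group file is not a lookup source
    return directory_members(group_text, passwd_text)

if __name__ == "__main__":
    for group, members in audit(NSSWITCH, GROUP, PASSWD).items():
        print(f"{group}: {', '.join(members)}")
```

A name reported here is either resolved by a later source (ldap in the sample) or no longer exists anywhere, so the output is a review list, not proof that the account is valid.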


