LinuxQuestions.org
10-01-2008, 03:56 PM   #1
kenwood
LQ Newbie
 
Registered: Oct 2008
Posts: 3

Rep: Reputation: 0
Using members of AD groups to administer Linux


Preface: Unix Newbie, Microsoft Knowledgeable

I am trying to use my MS Enterprise Admins group to allow for linux administration.

I have Samba working and can authenticate to linux with MS EA creds. I have used "net groupmap add ntgroup="Enterprise Admins" unixgroup=root" which completes and lists correctly, but things like ifup and ifdown fail with access denied.

Any assistance is appreciated.

Thanks,

:K
 
10-02-2008, 09:50 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,945
Blog Entries: 5

Rep: Reputation: 753
Many root commands require the root "user" rather than a root "group". Many of these commands can have different "groups" such as sys, adm, root etc.

I can't really comment on your attempt to use Windows tools for administering Linux but will caution you to be sure you keep a real root password for each server as there are times you can bring the system up in states like single user where no outside connection is going to work. You do NOT want to rely on having access to some centralized authentication source (or even terminals) in those cases.

What you might try if you're attempting login and then becoming root is to create individual users for each admin and set up sudo (man sudo, man visudo) to allow those admins to switch to root at need.
 
10-02-2008, 11:33 AM   #3
kenwood
LQ Newbie
 
Registered: Oct 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jlightner
Many root commands require the root "user" rather than a root "group". Many of these commands can have different "groups" such as sys, adm, root etc.

I can't really comment on your attempt to use Windows tools for administering Linux but will caution you to be sure you keep a real root password for each server as there are times you can bring the system up in states like single user where no outside connection is going to work. You do NOT want to rely on having access to some centralized authentication source (or even terminals) in those cases.

What you might try if you're attempting login and then becoming root is to create individual users for each admin and set up sudo (man sudo, man visudo) to allow those admins to switch to root at need.

Thanks,

I'm not actually trying to use Microsoft tools, just the Microsoft account as my Authentication and Authorization functionality in Linux (i.e. I want to be able to login with my AD creds and administer the Linux box, hopefully without sudo or su). I already have sudo working, but typically prefer that there is some level of Accounting (i.e. I like AAA), and given my general newbieness in Linux I'm not sure I can get accounting/auditing in a good fashion if everyone sudos root.

I am also using the root group, because of my ignorance (which I profess to) with Linux. Ultimately I am trying to understand how to make NT groups become Unix groups. These systems will become Anti-spam boxes and will only have port 25 exposed to the internet, but the Anti-spam package I have also uses unix group membership to administer the programs, and here again I would like to simply have the appropriate team/NT group automatically have rights into Linux, without having to create accounts on every linux box I have.

Any ideas on how to make the NT group become the Unix group? It appears as if groupmap is meant to make Unix groups useable by NT (and I want to go the other way).

Thanks again,

:k
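
Added example, not part of the thread: when each admin runs sudo from their own account, sudo's per-command log lines are what supply the accounting discussed above. This Python sketch parses constructed sample lines in sudo's default syslog format (the hostname, the users other than the poster, and the commands are made up) and flags root shells, after which individual commands are no longer attributed to a person.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Oct  2 11:40:01 mail1 sudo:   kenwood : TTY=pts/0 ; PWD=/home/kenwood ; USER=root ; COMMAND=/sbin/ifdown eth0
Oct  2 11:40:09 mail1 sudo:   kenwood : TTY=pts/0 ; PWD=/home/kenwood ; USER=root ; COMMAND=/sbin/ifup eth0
Oct  2 11:52:30 mail1 sudo:    asmith : TTY=pts/1 ; PWD=/home/asmith ; USER=root ; COMMAND=/bin/su -
Oct  2 12:03:44 mail1 sudo:    bjones : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Oct  2 12:05:00 mail1 sshd[2211]: Accepted password for kenwood from 192.0.2.10 port 50222 ssh2
"""

# "user : [reason ; ] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."; a reason appears only on denials.
LINE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# Commands that hand over an interactive root shell; sudo logs nothing typed inside it.
SHELLS = {"su", "sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}

def parse_sudo_log(text):
    """Return one dict per sudo event; non-sudo lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        cmd = m.group("cmd").strip()
        binary = cmd.split()[0].rsplit("/", 1)[-1]
        events.append({"user": m.group("user"), "runas": m.group("runas"),
                       "command": cmd, "allowed": m.group("denied") is None,
                       "opens_shell": binary in SHELLS})
    return events

def accounting_report(events):
    """Group events by invoking user and mark users whose trail ends in a root shell."""
    report = defaultdict(lambda: {"commands": [], "denied": [], "untracked_shell": False})
    for e in events:
        entry = report[e["user"]]
        if not e["allowed"]:
            entry["denied"].append(e["command"])
            continue
        entry["commands"].append(e["command"])
        if e["opens_shell"]:
            entry["untracked_shell"] = True
    return dict(report)

if __name__ == "__main__":
    for user, entry in accounting_report(parse_sudo_log(SAMPLE_LOG)).items():
        print(user, entry)
```
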
 
  


All times are GMT -5.
