LinuxQuestions.org


cwhitmore 09-22-2006 12:48 PM

/home rights for Active Directory user?
 
I have set up SUSE 10 and am trying to authenticate using Active Directory. I have it set up to ask for the domain at login, but I need to give the AD user rights to /home/username, but I'm not sure how to do that since the user is not on the local system. How do I give permissions to a user from AD while I'm on the Linux box? I'm using KDE.

acid_kewpie 09-22-2006 12:57 PM

the most formal way would be to ensure that that user has a valid uid and gid in Active Directory. these details are retrieved as part of the query when logging in via pam with ldap support. that user then just appears to be local. i'm not best placed to give exact details of the best way to implement this i'm afraid, but i can say a few other things. there is a layer of abstraction between /etc/passwd, /etc/group and co, from what users are known to a system. this is defined via /etc/nsswitch.conf. you'll see in there entries for shadow, passwd and group, and the ways in which those sets of resources are to be found - files, nis, ldap etc... you need to get to a stage where you can run "getent passwd" and such and see the accounts from AD as an output. that data there is just pulling directly on what programs like login itself use for a user base, they don't directly look at local config files at all. so when you have that list and a valid entry for each, including the gid and uid etc... then implicitly they then own any files matching that uid and gid.

if you have access to the AD implementation, or the ear of someone that does, look into installing the MS SFU AD extensions. this will add official fields for the attributes you need, but it is possible to fudge them with existing unused variables to some extent.

HTH
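The check described in the answer above, as an added example that is not part of the original thread: confirm which sources NSS consults, validate that the `getent passwd` entry for an AD account carries a numeric uid and gid, and only then create and chown the home directory. The function names, the sample entries and the `700` mode are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): give an NSS-resolved account its home.

# Constructed sample entries in passwd(5) format, as "getent passwd USER" prints them.
SAMPLE_ENTRY='jdoe:*:10001:10000:John Doe:/home/jdoe:/bin/bash'
# Constructed: what an account looks like when no uid/gid was supplied for it.
SAMPLE_NO_UNIX_ATTRS='jdoe:*:::John Doe:/home/jdoe:/bin/bash'

# nss_sources DB [FILE]: print the lookup sources configured for DB
# (passwd, group, shadow) in nsswitch.conf, e.g. "files ldap".
nss_sources() {
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }' \
        "${2:-/etc/nsswitch.conf}"
}

# parse_passwd_entry LINE: print "uid gid home" if LINE has seven fields,
# a numeric uid and gid, and an absolute home path; otherwise return non-zero.
parse_passwd_entry() {
    entry=$(printf '%s\n' "$1" | awk -F: '
        NF == 7 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $6 ~ /^\// {
            print $3, $4, $6
        }')
    [ -n "$entry" ] && printf '%s\n' "$entry"
}

# provision_home USER: resolve USER through NSS (not /etc/passwd directly),
# then create the home directory and hand it to that uid:gid. Run as root.
provision_home() {
    line=$(getent passwd "$1") || {
        echo "$1 is not visible through NSS; check: $(nss_sources passwd)" >&2
        return 2
    }
    ids=$(parse_passwd_entry "$line") || {
        echo "$1 has no usable uid/gid/home in: $line" >&2
        return 1
    }
    uid=${ids%% *}; rest=${ids#* }
    gid=${rest%% *}; home=${rest#* }
    # Ownership is by number: any file with this uid/gid belongs to the account.
    mkdir -p "$home" && chown "$uid:$gid" "$home" && chmod 700 "$home"
}

# Usage (as root, once "getent passwd jdoe" returns an entry): provision_home jdoe
```
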

