Old 09-22-2006, 12:48 PM   #1
cwhitmore
LQ Newbie
 
Registered: Mar 2005
Posts: 9

/home rights for Active Directory user?


I have set up SUSE 10 and am trying to authenticate using Active Directory. I have it set up to ask for the domain at login, but I need to give the AD user rights to /home/username, but I'm not sure how to do that since the user is not on the local system. How do I give permissions to a user from AD while I'm on the Linux box? I'm using KDE.
 
Old 09-22-2006, 12:57 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

The most formal way would be to ensure that that user has a valid uid and gid in Active Directory. These details are retrieved as part of the query when logging in via PAM with LDAP support. That user then just appears to be local. I'm not best placed to give exact details of the best way to implement this, I'm afraid, but I can say a few other things. There is a layer of abstraction between /etc/passwd, /etc/group and co, from what users are known to a system. This is defined via /etc/nsswitch.conf. You'll see in there entries for shadow, passwd and group, and the ways in which those sets of resources are to be found - files, nis, ldap etc... You need to get to a stage where you can run "getent passwd" and such and see the accounts from AD as an output. That data there is just pulling directly on what programs like login itself use for a user base; they don't directly look at local config files at all. So when you have that list and a valid entry for each, including the gid and uid etc... then implicitly they then own any files matching that uid and gid.

If you have access to the AD implementation, or the ear of someone that does, look into installing the MS SFU AD extensions. This will add official fields for the attributes you need, but it is possible to fudge them with existing unused variables to some extent.

HTH
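
The check described in the reply above, written out as an added example (not code from either poster): it reads which sources /etc/nsswitch.conf lists for passwd, takes the uid and gid from the entry that "getent passwd" returns, and compares them with the numeric owner of the home directory. The function names are hypothetical, and the script only prints the chown command rather than running it.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Sources listed for one database (passwd, group, shadow) in an
# nsswitch.conf-format file; second argument defaults to the real file.
nss_sources() (
    sed 's/#.*//' "${2:-/etc/nsswitch.conf}" |
        awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
)

# "uid:gid" from one passwd-format entry, i.e. the line that
# "getent passwd <user>" prints. Fails unless both fields are numeric.
entry_ids() (
    ids=$(printf '%s\n' "$1" |
        awk -F: 'NF >= 7 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { print $3 ":" $4 }')
    [ -n "$ids" ] && printf '%s\n' "$ids"
)

# Numeric "uid:gid" owner of a path (ls -n is POSIX, no GNU stat needed).
path_ids() (
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
)

# Compare a home directory with a passwd entry. Prints "ok", or the chown
# command root would run to fix it. It never changes anything itself.
check_home() (
    home=${2:-$(printf '%s\n' "$1" | cut -d: -f6)}
    want=$(entry_ids "$1") || { echo "no numeric uid/gid in entry"; exit 2; }
    have=$(path_ids "$home")
    if [ "$want" = "$have" ]; then
        echo "ok"
    else
        echo "chown -R $want $home"
        exit 1
    fi
)

# Usage: sh check_home.sh <username>
if [ $# -eq 1 ]; then
    echo "passwd sources: $(nss_sources passwd)"
    entry=$(getent passwd "$1") || { echo "$1 is not visible through NSS"; exit 1; }
    check_home "$entry"
fi
```

If the user does not show up in "getent passwd", fix the NSS/LDAP side first; changing ownership to a uid the system cannot resolve leaves the directory owned by a bare number.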