LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 03-31-2009, 09:55 AM   #1
GoBieN
LQ Newbie
 
Registered: Mar 2009
Posts: 7

Rep: Reputation: 0
User mapping on RHEL AS 4.6 with Samba/Winbind to Active Directory?


Hey all,

Using some tutorials and some trying, I finally was able to join my Red Hat Enterprise Linux AS 4.6 to a Windows Active Directory. I used the Kerberos/Samba/Winbind method because this does not require changes on the A/D side.

The Linux box has successfully joined the domain and I also set up PAM for authenticating through winbind. A/D users can even log in to the server (using SSH).

The problem is that on the Linux box I have a local group 'slm' with group id 505.
I have files & folders set up with r/w permissions for group 'slm'; also, in my /etc/profile I have a special startup script if the user is a member of 'slm'.

What I want is that when a domain user logs in (SSH), he is automatically placed in the local group 'slm' (and it is set as his primary group) so that these permissions & scripts continue to work.

I have tried fiddling with "net groupmap" but it seems to do only the opposite, namely making Linux users work on Windows?


I'll paste my config files:
/etc/samba/smb.conf
Code:
[global]
workgroup = VANHEYSTE
realm = VANHEYSTE.LOCAL
preferred master = no
server string = RHELAS46
netbios name = RHELAS46
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
winbind use default domain = yes
printcap name = cups
printing = cups
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
password server = sbs2008.vanheyste.local

/etc/nsswitch.conf
Code:
passwd:     files winbind
shadow:     files winbind
group:      files winbind

/etc/pam.d/sshd
Code:
#%PAM-1.0
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

/etc/pam.d/samba
Code:
#%PAM-1.0
auth     sufficient     pam_winbind.so
auth     required       pam_unix.so
account  required       pam_unix.so
session  required       pam_mkhomedir.so skel=/etc/skel umask=0022

Now here is a sample of what happens when I log in through SSH with a domain user:
Code:
Last login: Tue Mar 31 15:11:58 2009 from 192.168.101.25
[patriek@RHELAS46 ~]$ whoami
patriek
[patriek@RHELAS46 ~]$ groups
domain users windows sbs remote web workplace users windows sbs fax users windows sbs link users windows sbs sharepoint_membersgroup BUILTIN+users
[patriek@RHELAS46 ~]$ pwd
/home/VANHEYSTE/patriek
[patriek@RHELAS46 ~]$ touch testfile
[patriek@RHELAS46 ~]$ ls -al testfile
-rw-r--r--  1 patriek domain users 0 Mar 31 16:45 testfile
[patriek@RHELAS46 ~]$ id -G
10004 10008 10012 10016 10021 10056
[patriek@RHELAS46 ~]$ id -u
10013
[patriek@RHELAS46 ~]$ wbinfo -i patriek
patriek:*:10013:10004::/home/VANHEYSTE/patriek:/bin/bash

/etc/group:
Code:
...
slm:x:505:itpartner,VANHEYSTE+guy,VANHEYSTE+patriek

So to sum up, what I want is that when a domain user logs in through SSH they use the local Linux group 'slm' as the primary group so I can keep using the permissions/scripts that I have in place now for the local users/groups.

Thanks for your help?!

Regards
Stan
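
An added check, not part of the original post: glibc's `files` backend matches `/etc/group` member names literally against the account name, and with `winbind use default domain = yes` the session above runs as `patriek` while the `slm` line lists `VANHEYSTE+patriek`. The hypothetical `check_member` helper below reports whether a group file lists a user by exact name or only in domain-prefixed form; the sample file is constructed from the line quoted in the post, and a single-character separator such as `+` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a user appears in a
# group(5) file. Prints: exact | prefixed:<entry> | absent | nogroup
#   $1 group file   $2 group name   $3 short account name   $4 winbind separator
check_member() {
    awk -F: -v g="$2" -v u="$3" -v sep="$4" '
        $1 == g {
            found = 1
            n = split($4, m, ",")
            suffix = sep u
            for (i = 1; i <= n; i++) {
                # Force string comparison; the files backend matches literally.
                if ((m[i] "") == (u "")) { res = "exact"; break }
                # Entry ends in <separator><user>, e.g. DOMAIN+user.
                if (length(m[i]) > length(suffix) &&
                    substr(m[i], length(m[i]) - length(suffix) + 1) == suffix)
                    res = "prefixed:" m[i]
            }
        }
        END {
            if (!found)         print "nogroup"
            else if (res == "") print "absent"
            else                print res
        }' "$1"
}

# Constructed sample: the slm line as quoted in the post, plus one other group.
sample=$(mktemp)
printf '%s\n' 'root:x:0:' \
    'slm:x:505:itpartner,VANHEYSTE+guy,VANHEYSTE+patriek' > "$sample"

check_member "$sample" slm patriek +      # prefixed:VANHEYSTE+patriek
check_member "$sample" slm itpartner +    # exact
```

A `prefixed:` result means the entry does not match the short account name, which is consistent with `id -G` in the session above not listing 505.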
 
Old 04-03-2009, 05:34 AM   #2
GoBieN
LQ Newbie
 
Registered: Mar 2009
Posts: 7

Original Poster
Rep: Reputation: 0
Can I bump?
 
  

