How do I give windows domain users local admin rights - WINBIND
Alright where to start - I did a install of SUSE 10.1 which so far is the best suse I've seen so far. Install was easy and the box is running now with all its updates through YAST online update. After the update I joined the box to a server 2003 domain - was also straight forward with no problems. Now I can log into the box using any windows user, a home folder for the user is automatically created (DOMAINNAME folder with a sub folder of the username) but when I try to run applications on the suse box I get permissions errors. I have searched the net for a solution and found various methods that don't work - they are the following 1: useradd or adduser - this adds the user into the passwd and group file but takes away the \ so if i run the command: useradd "DOMAINNAME\username" i end up with DOMAINNAMEusername in the passwd file - and the home folder that gets created is the same DOMAINNAMEusername (one long foldername and not two like it should be). And when I try to run the application it still does not work. Also the UID and GID of the added user are different to the domain user that I just tried adding (what I mean by this is if I run wbinfo -u and wbinfo -g I get a list of all users on the suse box and on the windows 2003 domain and the specific user I am trying to give rights to has a UID of 10001, and all the other windows users have 10002, 10003 and so on up to 10029. But if I add the user using useradd "DOMAINNAME\username" the user ends up with a UID of 10030 in the passwd file. I even tried sudo useradd but still the sudoers file stays untouched and the passwd file get edited.
2: I tried editing the sudoers file as I thought useradd would put the user into the sudoers file but didn't. so I ran visudo and added the user but still no luck.
3: Running yast and then trying to add the domain user into the root group or just the video group but the domain users do not get listed. Which is strange cause I can see all the domain users from the wbinfo command.
I even tried creating a local user then adding that user to the root group, then editing the UID of the local user to be that of the domain user but that didn't work either.
So, basically the box runs well, I have no problem browsing the network after logging in - it never asks for a login or password until I end the session. I can see all windows groups through command line commands but not in YAST users and groups.
So what I ended up doing it examining the error I get when I try to run a application - then making note of the file mentioned - then after logging in as root changing the permissions of the file - where I can add other users to have rights to the file - there I can see the windows users so I add the domain user into the list and that works, but I don't think this is the proper way to fix this issue.
If anyone can help me please be very specific with the commands because I'm probably typing something wrong and its a really simple fix.
Thanks in advance
Basil
|