Old 09-22-2006, 01:48 PM   #1
LQ Newbie
Registered: Mar 2005
Posts: 9
/home rights for Active Directory user?

I have set up SUSE 10 and am trying to authenticate using Active Directory. I have it set up to ask for the domain at login, but I need to give the AD user rights to /home/username, but I'm not sure how to do that since the user is not on the local system. How do I give permissions to a user from AD while I'm on the Linux box? I'm using KDE.
Old 09-22-2006, 01:57 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
The most formal way would be to ensure that that user has a valid uid and gid in Active Directory. These details are retrieved as part of the query when logging in via PAM with LDAP support. That user then just appears to be local. I'm not best placed to give exact details of the best way to implement this, I'm afraid, but I can say a few other things. There is a layer of abstraction between /etc/passwd, /etc/group and co, from what users are known to a system. This is defined via /etc/nsswitch.conf. You'll see in there entries for shadow, passwd and group, and the ways in which those sets of resources are to be found - files, nis, ldap etc... You need to get to a stage where you can run "getent passwd" and such and see the accounts from AD as an output. That data there is just pulling directly on what programs like login itself use for a user base; they don't directly look at local config files at all. So when you have that list and a valid entry for each, including the gid and uid etc... then implicitly they then own any files matching that uid and gid.

If you have access to the AD implementation, or the ear of someone that does, look into installing the MS SFU AD extensions. This will add official fields for the attributes you need, but it is possible to fudge them with existing unused variables to some extent.
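The check described in the reply above, as an added example that is not part of either post: once `getent passwd` returns the AD account, its numeric uid and gid are all that is needed to create and own the home directory. The function names, the 0700 mode and the use of GNU/busybox `stat -c` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: provision a home directory for an account that NSS resolves.

# Validate one passwd-format line (as printed by `getent passwd NAME`) and
# print "uid:gid:home". Fails when uid/gid are not numeric or home is relative.
passwd_fields() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 7 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $6 ~ /^\// {
            print $3 ":" $4 ":" $6; ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Print "ok" if DIR is a real directory owned by UID:GID, else the reason.
check_home() {
    dir=$1; want="$2 $3"
    [ -L "$dir" ] && { echo "symlink"; return 1; }
    [ -d "$dir" ] || { echo "missing"; return 1; }
    have=$(stat -c '%u %g' "$dir") || return 1
    [ "$have" = "$want" ] || { echo "owner is $have, expected $want"; return 1; }
    echo "ok"
}

# Create the home named in a passwd line if needed, then hand it to uid:gid.
provision_home() {
    fields=$(passwd_fields "$1") || { echo "no usable uid/gid/home"; return 1; }
    uid=${fields%%:*}; rest=${fields#*:}
    gid=${rest%%:*};   home=${rest#*:}
    [ -L "$home" ] && { echo "symlink"; return 1; }   # never chown through a link
    [ -d "$home" ] || mkdir -m 0700 "$home" || return 1
    chown "$uid:$gid" "$home" || return 1
    check_home "$home" "$uid" "$gid"
}

# Usage (as root): sh provision_home.sh USERNAME
# USERNAME is whatever form `getent passwd` lists for the AD account.
if [ "$#" -gt 0 ]; then
    line=$(getent passwd "$1") || {
        echo "$1 is not visible through NSS; check /etc/nsswitch.conf" >&2
        exit 1
    }
    provision_home "$line"
fi
```

If the `getent` lookup fails, the account is not yet reaching the system through the sources listed in /etc/nsswitch.conf, and no ownership change will help until it does.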
