LinuxQuestions.org

GoBieN 03-31-2009 09:55 AM

User mapping on RHEL AS 4.6 with Samba/Winbind to Active Directory ?
 
Hey all,

Using some tutorials and some trying, I finally was able to join my Red Hat Enterprise Linux AS 4.6 to a Windows Active Directory. I used the Kerberos/Samba/Winbind method because this does not require changes on the A/D side.

The Linux host has successfully joined the domain and I also set up PAM for authenticating through winbind. A/D users can even log in to the server (using SSH).

The problem is that on the Linux host I have a local group 'slm' with group id 505.
I have files & folders set up with r/w permissions for group 'slm'; also, in my /etc/profile I have a special startup script if the user is a member of 'slm'.

What I want is that when a domain user logs in (SSH), he is automatically placed in the local group 'slm' (and that it is set as the primary group) so that these permissions & scripts continue to work.

I have tried fiddling with "net groupmap" but it seems to do only the opposite, namely making Linux users work on Windows?


I'll paste my config files:
/etc/samba/smb.conf
Code:

[global]
workgroup = VANHEYSTE
realm = VANHEYSTE.LOCAL
preferred master = no
server string = RHELAS46
netbios name = RHELAS46
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
winbind use default domain = yes
printcap name = cups
printing = cups
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
password server = sbs2008.vanheyste.local

/etc/nsswitch.conf
Code:

passwd:    files winbind
shadow:    files winbind
group:      files winbind

/etc/pam.d/sshd
Code:

#%PAM-1.0
auth      sufficient  pam_winbind.so
auth      required    pam_stack.so service=system-auth
auth      required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password  required    pam_stack.so service=system-auth
session    required    pam_mkhomedir.so skel=/etc/skel umask=0022
session    required    pam_stack.so service=system-auth
session    required    pam_loginuid.so

/etc/pam.d/samba
Code:

#%PAM-1.0
auth    sufficient    pam_winbind.so
auth    required      pam_unix.so
account  required      pam_unix.so
session  required      pam_mkhomedir.so skel=/etc/skel umask=0022

Now here is a sample of what happens when I log in through SSH with a domain user:
Code:

Last login: Tue Mar 31 15:11:58 2009 from 192.168.101.25
[patriek@RHELAS46 ~]$ whoami
patriek
[patriek@RHELAS46 ~]$ groups
domain users windows sbs remote web workplace users windows sbs fax users windows sbs link users windows sbs sharepoint_membersgroup BUILTIN+users
[patriek@RHELAS46 ~]$ pwd
/home/VANHEYSTE/patriek
[patriek@RHELAS46 ~]$ touch testfile
[patriek@RHELAS46 ~]$ ls -al testfile
-rw-r--r--  1 patriek domain users 0 Mar 31 16:45 testfile
[patriek@RHELAS46 ~]$ id -G
10004 10008 10012 10016 10021 10056
[patriek@RHELAS46 ~]$ id -u
10013
[patriek@RHELAS46 ~]$ wbinfo -i patriek
patriek:*:10013:10004::/home/VANHEYSTE/patriek:/bin/bash

/etc/group:
Code:

...
slm:x:505:itpartner,VANHEYSTE+guy,VANHEYSTE+patriek

So to sum up, what I want is that when a domain user logs in through SSH, they use the local Linux group 'slm' as the primary group so I can keep using the permissions/scripts that I have in place now for the local users/groups.

Thanks for your help ?!

Regards
Stan
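
A check on the data shown above, as an added example that is not part of the original post: it tests whether the /etc/group line applies to the name NSS reports for the user, given that the "files" group backend matches member names as exact strings. The two sample lines are copied from the post; the function names are hypothetical.

```shell
# Added example (not from the post): test a passwd(5)-style entry against a
# group(5)-style line by exact member-name match, as the "files" group backend
# does. Sample lines are copied from the post; function names are hypothetical.
PASSWD_LINE='patriek:*:10013:10004::/home/VANHEYSTE/patriek:/bin/bash'  # wbinfo -i patriek
GROUP_LINE='slm:x:505:itpartner,VANHEYSTE+guy,VANHEYSTE+patriek'        # /etc/group

# Print field N (1-based) of a colon-separated record.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Succeed only if NAME ($1) appears verbatim in the member list of the group line ($2).
is_listed_member() {
    name=$1; members=$(field "$2" 4)
    old_ifs=$IFS; IFS=,
    for m in $members; do
        if [ "$m" = "$name" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# Print members of the group line ($2) that are NAME ($1) behind a "DOMAIN<sep>" prefix ($3).
prefixed_variants() {
    name=$1; sep=$3; members=$(field "$2" 4)
    old_ifs=$IFS; IFS=,
    for m in $members; do
        case $m in
            *"$sep$name") printf '%s\n' "$m" ;;
        esac
    done
    IFS=$old_ifs
}

# Summarise how the group line ($2) relates to the passwd entry ($1).
report() {
    user=$(field "$1" 1); pgid=$(field "$1" 4)
    gname=$(field "$2" 1); gid=$(field "$2" 3)
    if [ "$pgid" = "$gid" ]; then
        echo "$user: primary group is $gname ($gid)"
    elif is_listed_member "$user" "$2"; then
        echo "$user: supplementary member of $gname ($gid)"
    else
        echo "$user: NOT in $gname ($gid); primary gid is $pgid"
        for v in $(prefixed_variants "$user" "$2" +); do   # "+" is the winbind separator in smb.conf
            echo "  entry '$v' does not match NSS name '$user'"
        done
    fi
}

report "$PASSWD_LINE" "$GROUP_LINE"
```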

GoBieN 04-03-2009 05:34 AM

Can I bump?

