Permissions for folders on Linux in multiple AD environment
Hi.
I have a trouble with permissions for folders in my Ubuntu Server 12.04. I have domainA and domainB with two-way trusts. My linux server authenticate with domainB via "net ads join" with Kerberos, Samba + winbind and PAM. https://help.ubuntu.com/community/Ac...ryWinbindHowto My realm is domainB I can logon to the linux server via domainB windows user, e.g domainB\userB (ssh) I can logon to the linux server via domainA windows user too (domainA\userA) (ssh) Problem is, when I try stop samba service via user domainA\userA. I don't have permissions to stop this service, delete folders etc.. On my AD controller I have 2 groups. The first is e.g Group1 when I have 5 users from domainB and I have Group2 when I have 5 users from domainA When I add Group1 to sudoers file - all users from Group1 (domainB) can stop services etc..but when I add Group2 (domainA) to sudoers file - no user can stop services (user is not in sudoers).. - where is mistake? I try add domainA\userA to root, admin group and reboot the server - but when I login via domainA\userA - this user don't have permissions to stop services etc.. I don't have idea what I'm doing bad..Can anyone help me with this permissions? |
Ok, I solved problem..I not correctly typed data to sudoers file. After type "id" when logged my userA, I saw list of AD groups and AD group name have space. I tried in place of space type "^" but without success. In place of space, must be "\" and space, and after AD "\\" e.g domainA\\abc\ a\ b\ group2
|
All times are GMT -5. The time now is 12:41 PM. |