LinuxQuestions.org


boqler 05-24-2013 11:00 AM

Permissions for folders on Linux in multiple AD environment
 
Hi.

I have trouble with permissions for folders on my Ubuntu Server 12.04.

I have domainA and domainB with two-way trusts. My Linux server authenticates with domainB via "net ads join" with Kerberos, Samba + winbind and PAM.

https://help.ubuntu.com/community/Ac...ryWinbindHowto

My realm is domainB.

I can log on to the Linux server as a domainB Windows user, e.g. domainB\userB (ssh).
I can log on to the Linux server as a domainA Windows user too (domainA\userA) (ssh).

The problem is that when I try to stop the samba service as user domainA\userA, I don't have permissions to stop this service, delete folders, etc.

On my AD controller I have 2 groups. The first is e.g. Group1, where I have 5 users from domainB, and I have Group2, where I have 5 users from domainA.

When I add Group1 to the sudoers file, all users from Group1 (domainB) can stop services etc., but when I add Group2 (domainA) to the sudoers file, no user can stop services (user is not in sudoers). Where is the mistake?

I tried adding domainA\userA to the root and admin groups and rebooting the server, but when I log in as domainA\userA, this user doesn't have permissions to stop services etc.

I have no idea what I'm doing wrong. Can anyone help me with these permissions?

boqler 05-29-2013 03:34 AM

OK, I solved the problem. I had not typed the data into the sudoers file correctly. After typing "id" while logged in as my userA, I saw the list of AD groups, and the AD group name has spaces. I tried typing "^" in place of the space, but without success. In place of each space there must be "\" and a space, and after the AD domain "\\", e.g. domainA\\abc\ a\ b\ group2
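
The escaping described in the post above, as an added example that is not part of the original thread: it turns a group name as `id` prints it into an unquoted sudoers group entry and can syntax-check the rule with `visudo -c -f` before it is installed. The function names are hypothetical, the default privilege spec `ALL=(ALL) ALL` is an assumption (the thread does not show the rule that was used), and the set of escaped characters follows the sudoers manual's rule for unquoted words.

```shell
#!/bin/sh
# Added example (not from the thread). Input is the group name exactly as
# `id` shows it, e.g. "domainA\abc a b group2" (value taken from the post).

# Escape a name for use as an unquoted sudoers word: double every backslash,
# then put a backslash before spaces and the characters sudoers treats as
# special inside a word (! = : , ( )).
sudoers_escape_group() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/[ !=:,()]/\\&/g'
}

# Build a complete group rule. $2 is the privilege spec; the default is an
# assumption and should be narrowed to the commands the group really needs.
sudoers_group_rule() {
    printf '%%%s %s\n' "$(sudoers_escape_group "$1")" "${2:-ALL=(ALL) ALL}"
}

# Syntax-check a rule in a scratch file before copying it under
# /etc/sudoers.d. Returns visudo's exit status, or 2 if visudo is missing.
sudoers_check_rule() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    visudo -c -f "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print the rule for the group named in the post.
sudoers_group_rule 'domainA\abc a b group2'
```

A rule that fails to parse or never matches leaves the group without sudo rights, which is the symptom in the first post, so compare the entry against the `id` output of an affected user and run the check before relying on it.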

