Re: [Samba] Adding a AD Group to a Unix user account
So how do I add the users to the UNIX group from the Active Directory server? The AD Server can only see the Windows groups...?? If you want to add a user to a UNIX group then yes you do that on the local machine, but your original e-mail suggested you wanted to add UNIX users to AD groups. I want to add the Active Directory user bobby to the UNIX group users how can i do this? You *may* be able to list YOURDOMAIN\bobby in /etc/group, or you may have to use Samba's username map to map YOURDOMAIN\bobby to a local user, then add the local user to the local group. Could I add a mapping from the UNIX group to an AD group via Samba? If it's a UNIX group then it should all be done on the local machine in the normal manner. The trick is getting AD objects appearing as local ones. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding a AD Group to a Unix user account
Anyone? KJS wrote: So how do I add the users to the UNIX group from the Active Directory server? The AD Server can only see the Windows groups...?? I want to add the Active Directory user bobby to the UNIX group users how can i do this? Could I add a mapping from the UNIX group to an AD group via Samba? TIA James Adam Nielsen wrote: usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Keep in mind that in AD you don't add groups to users, you add users to groups. So if you want to add some people to the AD group Domain Users then you need to make the change on the system where Domain Users is stored, i.e. the Active Directory server. You might be able to get around it if you tell Samba/winbind to map an AD group to a local group, but I'm not sure how this works with membership (whether the local users and the AD users all appear as part of the local group.) Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding a AD Group to a Unix user account
So how do I add the users to the UNIX group from the Active Directory server? The AD Server can only see the Windows groups...?? I want to add the Active Directory user bobby to the UNIX group users how can i do this? Could I add a mapping from the UNIX group to an AD group via Samba? TIA James Adam Nielsen wrote: usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Keep in mind that in AD you don't add groups to users, you add users to groups. So if you want to add some people to the AD group Domain Users then you need to make the change on the system where Domain Users is stored, i.e. the Active Directory server. You might be able to get around it if you tell Samba/winbind to map an AD group to a local group, but I'm not sure how this works with membership (whether the local users and the AD users all appear as part of the local group.) Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding a AD Group to a Unix user account
Hi Guys, First of all I can do the following: usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding a AD Group to a Unix user account
I think the problem is that the usermod program used the /etc files, and not NSS. So, you are trying to add bobby to the Domain Users group in /etc/group, but that group doesn't exit there. I found that using Linux ACLs with multiple groups assigned to files was an acceptable work around for my needs. --craig -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of James Sent: Thursday, September 24, 2009 7:50 AM To: samba@lists.samba.org Subject: [Samba] Adding a AD Group to a Unix user account Hi Guys, First of all I can do the following: usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding a AD Group to a Unix user account
usermod -g GID bobby and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group Domain Users to bobbys account, so I tried: usermod -a -G GID bobby but it doesnt not appear to do anything... Keep in mind that in AD you don't add groups to users, you add users to groups. So if you want to add some people to the AD group Domain Users then you need to make the change on the system where Domain Users is stored, i.e. the Active Directory server. You might be able to get around it if you tell Samba/winbind to map an AD group to a local group, but I'm not sure how this works with membership (whether the local users and the AD users all appear as part of the local group.) Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
