AquaQuieta
September 25th, 2008, 07:25 PM
I have added computers to our AD domain manually before...but
this time I decided to try likewise-open instead of the manual process.
On a clean install of Hardy Heron, I installed Likewise-open and connected to my AD domain (easy breezy, I like it :) I added my LinuxAdmins AD group to the sudoers file, and things were looking good.
However, after logging in as a domain user, I was not a member of any local linux groups...and I searched high and low for a solution. Since I only saw a couple of old posts with people asking for this solution, I figured I'd post what worked for me...
To add AD domain users to local accounts automatically upon login when using likewise-open:
First, add this line to the /etc/security/group.conf file (change the groups as you see fit):
*;*;*;Al0000-2400;floppy,video,audio,cdrom,plugdev,users,scanne r
Step 2) add this line to the /etc/pam.d/common-auth file:
auth required pam_group.so use_first_pass
I'm not sure if order is important, but I put that line at the top of the file, right *above* this line:
auth sufficient /lib/security/pam_lwidentity.so
Step 3) Log out and log back in as an AD user, open a terminal and type "groups". You should see all your AD groups and all the groups specified in /etc/security/group.conf :)
Thats it. I hope it helps somebody else....it took forever to figure out step 2 :)
this time I decided to try likewise-open instead of the manual process.
On a clean install of Hardy Heron, I installed Likewise-open and connected to my AD domain (easy breezy, I like it :) I added my LinuxAdmins AD group to the sudoers file, and things were looking good.
However, after logging in as a domain user, I was not a member of any local linux groups...and I searched high and low for a solution. Since I only saw a couple of old posts with people asking for this solution, I figured I'd post what worked for me...
To add AD domain users to local accounts automatically upon login when using likewise-open:
First, add this line to the /etc/security/group.conf file (change the groups as you see fit):
*;*;*;Al0000-2400;floppy,video,audio,cdrom,plugdev,users,scanne r
Step 2) add this line to the /etc/pam.d/common-auth file:
auth required pam_group.so use_first_pass
I'm not sure if order is important, but I put that line at the top of the file, right *above* this line:
auth sufficient /lib/security/pam_lwidentity.so
Step 3) Log out and log back in as an AD user, open a terminal and type "groups". You should see all your AD groups and all the groups specified in /etc/security/group.conf :)
Thats it. I hope it helps somebody else....it took forever to figure out step 2 :)