I have been trying to figure out how to assign the domain admins group from active directory automatic group access at user login.
My system is configured as follows.
* Likewise Open5 Installed and domain joined using GUI
/etc/likewise-open5/lsassd.conf updated to allow single sign on
Changed # assume-default-domain = yes to assume-default-domain = yes
see more details at http:\\help.ubuntu.com/9.04/serverguide/C/likewise-open.html
* Sudo rights updated using visudo
Added - %DOMAINNAME.CO.UK\\domain^admins ALL=(ALL) ALL
Added - DOMAINNAME\\ad^username ALL=(ALL) ALL
* Active Directory Users added to Local Group Automatically
/etc/security/group.conf updated to asign local groups
sudo gedit /etc/security/group.conf
Added - *;*;*;Al0000-2400;floppy,video,audio,cdrom,plugdev,users,scanne r
/etc/pam.d/common-auth updated to enable pam to enable above
sudo gedit /etc/pam.d/common-auth
Added - auth required pam_group.so use_first_pass
See more details at http://ubuntuforums.org/showthread.php?t=929940
* Active directory users added to local linux groups individual as needed
sudo gedit /etc/group updated to include additional users
Added - ad^username,otherad^username,etc to the following groups
adm, dialout, cdrom, plugdev, lpadmin, admin,
I understand that all a domain admin needs to do is sudo and update /etc/group and include themselves in the relevant groups and reboot. The whole point is i want to figure out how to do it automatically.
Can anyone give me any pointers?