I want to do domain authentification on a server and give some users or AD security group root privileges. And some users deny access to the server.
I’ve already joined the server to domain using Yast → Windows Domain Membership. Now domain users can login to the server.
How can I give they root rights? I added string into visudo : dvsbs\\abdv ALL = (root) ALL
but it doesn’t work, I tried su - and error appers: su: User not known to the underlying authentication module
And in log messages: su: pam_winbind(su-l:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
I can’t look up any user in Yast’s module User and Group Administration because filter can’t establish connection (see screenshots).
[QUOTE=bm_rec;40608]I want to do domain authentification on a server and give some users or AD security group root privileges. And some users deny access to the server.
I’ve already joined the server to domain using Yast → Windows Domain Membership. Now domain users can login to the server.
How can I give they root rights? I added string into visudo : dvsbs\\abdv ALL = (root) ALL
but it doesn’t work, I tried su - and error appers: su: User not known to the underlying authentication module
And in log messages: su: pam_winbind(su-l:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
I can’t look up any user in Yast’s module User and Group Administration because filter can’t establish connection (see screenshots).
wbinfo -t says succeeed. I didn’t use sssd.[/QUOTE]
Which version, and SP, of SLES are you using? Is there a reason you did
not use SSSD instead?
I am not an expert in the area of sssd or the older method of just joining
the microsoft active directory (MAD) domain, but what I have learned about
SSSD is that makes me want to use that whenever possible, so I would
probably try using that.
Also, as a note, your commands have some odd characters that may be
because of formatting from the HTTP interface; there is a “code” tag that
can be used via a ‘#’ button at the bottom of the text input area which
makes sure that what you type is not interpreted in an odd way which makes
commands, and other output, invalid for analysis.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
[QUOTE=ab;40614]Which version, and SP, of SLES are you using?[/QUOTE] I metioned it in a title.
I didn’t try SSSD because I wanted to try simpler method.
In my future posts I will use these tags, thanks!
This might help: https://www.novell.com/support/kb/doc.php?id=7018675[/color]
Thank you, Thomas, this article helped me.
ab;40614 Wrote:[color=green]
Which version, and SP, of SLES are you using? I metioned it in a title.[/color]
I didn’t try SSSD because I wanted to try simpler method.
In my future posts I will use these tags, thanks!
[/color]
Just a note on sssd. I tried the Samba + sssd mechanism on CentOS, and found it
only partially worked. I went back to winbindd which totally works for not just
auth but also for file serving.