I have successfully configured my SUSE 11.2 server to work using winbind and restricted access to a select group(s) of users using the require_membership_of=SID in the common_auth file.
Now I’m trying to assign/add the users in these groups to the local groups in the server to grant them access to certain areas. So far I have been unsuccessful in this.
What I have tried that has not worked:
net groupmap add the AD group to the local group
manually added the users to the group file using the SAMBA sid and the /
seems you’re trying to restrict access to the Linux system (I hope you mean SLES11SP2 - “SUSE 11.2” would generally be considered to be OpenSUSE 11.2) based on winbind-accessible credentials.
AFAICT, there’s no way to add Samba-based users/groups as Linux system users/groups (that’s why winbind was introduced in the first place, to map between the two worlds) - but you can configure PAM to authenticate against winbind (see http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html).
Yes, SLES11 SP2, and I am using winbind for authentication and the \etc\pam.d\common-auth file to restrict who can log in. But once they are logged in, I want them to be associated with a particular local group so they can access a directory without the “other/world” permissions set.
Example:
drwxrwx___ root mygroup /somedir
So I want the user who logged in using AD credentials to be associated with the local group “mygroup” so they can access the dir “somedir”.