How to add AD user or group to a Local Linux Group

I have successfully configured my SUSE 11.2 server to work using winbind and restricted access to a select group(s) of users using the require_membership_of=SID in the common_auth file.

Now I’m trying to assign/add the users in these groups to the local groups in the server to grant them access to certain areas. So far I have been unsuccessful in this.

What I have tried and has not worked.

  1. net groupmap add the AD group to the local group
  2. manually added the users to the group file using the SAMBA sid and the /

Any ideas?

Hi cisaksen,

seems you’re trying to restrict access to the Linux system (I hope you mean SLES11SP2 - “SUSE 11.2” would generally be considered to be OpenSUSE 11.2) based on winbind-accessible credentials.

AFAICT, there’s no way to add Samba-based users/groups as Linux system users/groups (that’s why winbind was introduced in the first place, to map between the two worlds) - but you can configure PAM to authenticate against winbind (see http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html).

I have never done this on SLES though, so YMMV.

Regards,
Jens

Yes, SLES11 SP2, and I am using winbind for authentication and the /etc/pam.d/common-auth file to restrict who can log in. But once they are logged in I want them to be associated with a particular local group so they can access a directory without the “other/world” permissions set.

Example:
drwxrwx--- root mygroup /somedir

So I want the user who logged in using AD credentials to be associated with the local group “mygroup” so they can access the dir “somedir”.

Hi cisaksen,

once logged in, the user has a Linux system user id - would adding that id to the appropriate Linux system group help?

It’d not be mapping the user’s AD groups, but a separate group membership level. (You mentioned “local groups”, so I guess that is OK.)

Regards,
Jens
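
An added example, not part of the thread and not any poster's code, for the approach in the last reply: the member field of a group file holds login names exactly as NSS returns them (for winbind usually DOMAIN\user, depending on the separator and default-domain settings), so these helpers check a group file for a verbatim name match, flag SID-style entries, and confirm a directory grants nothing to "other". The domain EXAMPLE, the user jdoe, the SID and the group id are constructed, and the functions take a file path so they can be run on a copy.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from the thread.

# Print the members of GROUP in FILE, one per line.
group_members() {   # usage: group_members FILE GROUP
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Succeed only if USER appears verbatim in GROUP's member list. The name must
# be the login name NSS returns for the account, backslash included.
group_has_member() {   # usage: group_has_member FILE GROUP USER
    group_members "$1" "$2" | grep -Fqx -e "$3"
}

# Print members written as SIDs. The member field holds login names, so a SID
# string does not match any account when supplementary groups are computed.
sid_style_members() {   # usage: sid_style_members FILE GROUP
    group_members "$1" "$2" | grep -E '^S-1-[0-9]+(-[0-9]+)+$'
}

# Succeed if DIR grants nothing to "other" (last octal digit of the mode is 0).
dir_closed_to_others() {   # usage: dir_closed_to_others DIR  (needs GNU stat)
    mode=$(stat -c %a "$1") || return 1
    [ "${mode#"${mode%?}"}" = 0 ]
}

# Constructed group file: one name-style member and one SID-style member.
sample_group_file() {
    cat <<'EOF'
root:x:0:
mygroup:x:1001:EXAMPLE\jdoe,S-1-5-21-1111111111-2222222222-3333333333-1105
users:x:100:
EOF
}

# Demonstration on a temporary copy of the constructed sample.
tmp=$(mktemp) && sample_group_file > "$tmp"
echo "members of mygroup:";  group_members "$tmp" mygroup
echo "SID-style entries:";   sid_style_members "$tmp" mygroup
rm -f "$tmp"
```

On a live system, `getent passwd` and `id` called with the account name show the name and groups NSS actually returns; a changed group membership applies to new login sessions.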