Managing AD Group Permissions

I have added my SLES 11 SP3 system to our domain with the following configuration after running “yast2 samba-client”

[x] Also Use SMB Information for Linux Authentication
[x] Create Home Directory on Login
[x] Offline Authentication
[ ] Single Sign-On for SSH

I then edited the /etc/security/pam_winbind.conf file and added an the Active Directory group (TestGroup1). I have restricted logging in successfully and now only members of TestGroup1 and root are able to SSH to the box.

However, I am now unsure of the best way to give and/or manage administrative rights for the AD group. I don’t want to give this group “god” rights, but do want the members to be able to administer the database/application they will be managing. Please advise.


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot…

Good luck!

Your SUSE Forums Team