SLES11 Map AD group to local group

sysengPS · January 10, 2014, 11:34pm

Hello
I’ve followed numerous instructions to map my ad group to my local group, but I don’t see anything doing what I need.
In short, I want the “Domain Admins” AD group to be in the wheel group so I’ve run

# net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d

but I don’t see any changes in /etc/group (not certain if I’m supposed to). Nor does anyone who logs in w/ a domain admin account have rights that an account in the wheel group does.
wbinfo -u gives me a list of users in my domain, in domain\username format
wbingo -g gives me a list of groups in my domain in domain\group format
I connected to AD using the yast/Windows Domain Membership service, and checked the three boxes when it was asked.
Do I need to adjust anything in my /etc/pam.d/login file? I tried adding auth sufficient pam_winbind.so and password sufficient pam_winbind.so, but that didn’t help either. I’ve also added %domain\ admins ALL = ALL to visudo, no change.
I’m using Samba 3.6.3-0.33.35.1-3062

Thanks for any help you can provide

sysengPS · January 15, 2014, 11:28pm

I ended up creating a group in AD, then adding that group to sudoers
AD the group is named devwheel, and, using visudo, I added the following:
%dev\\devwheel ALL=(ALL) NOPASSWD: ALL

Topic		Replies	Views
How to add AD user or group to a Local Linux Group SLES Configure-Administer	3	458	September 12, 2013
AD Users and Local Groups SLES Configure-Administer	0	223	May 28, 2013
Samba Question- AD authentication to shares SLES Configure-Administer	1	208	August 14, 2013
Samba- Adding groups to local admin Win 7 SLES Configure-Administer	0	170	January 30, 2014
Managing AD Group Permissions SLES Configure-Administer	1	211	January 25, 2017

SLES11 Map AD group to local group

Related topics