Hi Guys, First of all I can do the following: "usermod -g GID bobby" and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group "Domain Users" to "bobbys" account, so I tried: "usermod -a -G GID bobby" but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James
Schneider, Craig-P65851
2009-Sep-24 20:38 UTC
[Samba] Adding a AD Group to a Unix user account
I think the problem is that the usermod program used the /etc files, and not NSS. So, you are trying to add "bobby" to the "Domain Users" group in /etc/group, but that group doesn't exit there. I found that using Linux ACLs with multiple groups assigned to files was an acceptable work around for my needs. --craig -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of James Sent: Thursday, September 24, 2009 7:50 AM To: samba at lists.samba.org Subject: [Samba] Adding a AD Group to a Unix user account Hi Guys, First of all I can do the following: "usermod -g GID bobby" and it adds the group to the user account fine (GID being the actual number value not the name). but if i don't use -g it fails to work, I want to ADD the group "Domain Users" to "bobbys" account, so I tried: "usermod -a -G GID bobby" but it doesnt not appear to do anything... Anyone got any ideas? Many Thanks! James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
> "usermod -g GID bobby" and it adds the group to the user account fine > (GID being the actual number value not the name). > > but if i don't use -g it fails to work, I want to ADD the group "Domain > Users" to "bobbys" account, so I tried: > > "usermod -a -G GID bobby" but it doesnt not appear to do anything...Keep in mind that in AD you don't add groups to users, you add users to groups. So if you want to add some people to the AD group "Domain Users" then you need to make the change on the system where "Domain Users" is stored, i.e. the Active Directory server. You might be able to get around it if you tell Samba/winbind to map an AD group to a local group, but I'm not sure how this works with membership (whether the local users and the AD users all appear as part of the local group.) Cheers, Adam.