pam auth via winbind, howto map primary group for users?

Question

I have unix users authenticating to an PDC (via winbind) and want to have the primary group of those users a local unix group (e.g. www-data).

users have the group "domain users" with gid 10006 (as the gid winbind mapping)

idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
winbind nested groups = yes

but want that the primary group is 33 for all users (www-data)

how to achieve that?

score 1 · Answer 1 · edited Sep 16 '20 at 00:20

1

Assign the group to users on the pdc in this way

sudo usermod -g www-data foo_user

edited Sep 16 '20 at 00:20

Michael Hampton

237,123
42
477
940

answered Sep 12 '20 at 20:54

YetAnotherUser

111
5

Note that this will change the user's primary group, which may be what the OP needs, but is not usually what people want. – Michael Hampton Sep 16 '20 at 00:19
Yes you're right .Maybe create an AD (not local) group with the same name and uid of www-data should be a clean solution. – YetAnotherUser Sep 16 '20 at 22:51

score 0 · Answer 2 · answered Sep 06 '12 at 15:04

0

Not what you are exactly asking but may be you could use Identity Management for Unix on your AD and then use ACL (setfacl) on you linux machine to allow access to the filesystem.

answered Sep 06 '12 at 15:04

Peter von Nostrand

1
1

score 0 · Answer 3 · edited Apr 13 '17 at 12:14

0

You should review this post as it mostly solved consistent uid/gid mapping for me

Configure Winbind to get User Info from Windows

edited Apr 13 '17 at 12:14

Community

1

answered Jan 11 '13 at 18:12

rjmoggach

953
1
7
11

pam auth via winbind, howto map primary group for users?

3 Answers3