The Linux box in question is a CentOS 6.5 machine that is bound to active directory. I can change a local user's primary group to an active directory group. But i can't add the active directory group to the local user's supplementary groups.
# usermod -g ad_group_name testuser
# id testuser
uid=500(testuser) gid=1234567(ad_group_name) groups=1234567(ad_group_name)
# usermode -g testgroup
# id testuser
uid=500(testuser) gid=500(testgroup) groups=500(testgroup)
However, if i try to assign that group as a supplementary group, it doesn't work:
# usermode -a -G ad_group_name testuser
# id testuser
uid=500(testuser) gid=500(testgroup) groups=500(testgroup)
I can add that user to as many LOCAL groups as i want and it works great. Just not active directory groups.
How do i do this? I don't mind editing group files manually. However, /etc/groups doesn't contain any active directory groups. Only local groups.
Best Answer
I think you're misunderstanding something.
When you assign the local user a
gid
identifying an AD Group, you effectively map the local user to it's Active Directory counterpart - membership of any other group is a property of the Active Directory group and its relationship with the user account object in Active Directory - not something you control on the client/member server