I have a Redhat ES 6 server that's successfully joined to a domain via Winbind (i.e. I can log in to the Redhat server using domain credentials with no issues).
What I'm looking to do at this point is configure Winbind to automatically add users to a local group based on their domain group. So, for example, say my username on the domain is "DOMAIN\coledot" and I'm a member of the domain group "Arbitrary Group". In my /etc/group file on the Redhat machine, I have the local group "testgrp" defined:
testgrp:x:10506:
If my understanding of the Samba/Winbind groupmap documentation is correct, I should be able to map the local group "testgrp" to the domain group "Arbitrary Group" by using the net groupmap command:
net groupmap add ntgroup="Arbitrary Group" unixgroup=testgrp type=d
Running net groupmap list confirms the mapping is created:
root@host # net groupmap list
[...]
Arbitrary Group (S-x-x-xx-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxx-xxxx) -> testgrp
However, when I run the groups command, even though my user shows up as part of the "Arbitrary Group" group, "testgrp" is nowhere to be found.
My question is twofold:
1) Is my understanding of net groupmap correct?
2) How can I accomplish my original task (map domain user to local group via domain group)?
Best Answer
I believe you can accomplish this in the /etc/samba/smb.conf file. If your local Linux permissions are correct, you can use the "force group" string to make sure you're connecting with the correct group membership. What tends to throw people off is that the user may already be a member of the local Linux group, but as far as SMB is concerned, the group you 'connect as' from Windows is what matters here.
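The share-level setting the answer refers to, shown as an added example that is not part of the original answer. The share name and path are assumptions, the group names are the ones from the question, and the DOMAIN\ prefix in "valid users" assumes the default winbind separator. "force group" is applied only to connections made to this Samba share.

```ini
# Added example for /etc/samba/smb.conf (share name and path are hypothetical).
[testshare]
    path = /srv/testshare

    # Only members of the domain group from the question may connect.
    # Without this restriction, "force group" below would hand testgrp
    # access to every account that is able to reach the share.
    valid users = @"DOMAIN\Arbitrary Group"

    # Every connection to this share runs with testgrp as its primary
    # group, whatever groups the connecting user actually belongs to.
    force group = testgrp

    read only = no

    # New files and directories stay group-accessible and closed to
    # "other"; the setgid bit keeps testgrp on new subdirectories.
    create mask = 0660
    directory mask = 2770
```

Running testparm after editing validates the file, and the directory at the share path still needs to be owned by group testgrp with matching permissions on the filesystem.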