From: Tom McLaughlin
To: freebsd-questions@freebsd.org
Date: Tue, 02 Aug 2005 22:20:33 -0400
Subject: samba 3 and local wheel group membership

[DISCLAIMER: The box in question is a CentOS machine but wheel group usage isn't common in the Linux world so I'm hoping another FreeBSD user has run into this.]

I have a box at work running Samba 3 which I have added as a domain member to an existing Windows domain with a Windows (I believe NT4) PDC. The box running Samba has no local unix users and groups except for root and the other builtin accounts. All user authentication is done through pam_winbind and user information is handled by winbind.

What I would like to do is have users that are members of the Windows domain's Server Admin group gain membership to the local unix wheel group when they log in via ssh to the domain member. This is mainly to make sudo happy, which doesn't seem to like group names with spaces in them.

I've read chapters 11 and 12 of the Samba How-To but their instructions appear to be geared towards mapping a domain group to a unix group from the PDC running Samba. I've tried the following on the domain member running Samba based on the How-To:

    net groupmap add unixgroup=wheel ntgroup="Server Admin"

But when I ssh in as my user and run `groups` I do not see myself as a member of the wheel group. I also can't alter files with wheel write permissions.

Has someone else set up their box so domain users that are members of a particular Windows domain group become members of the local unix wheel group upon login? Should I be making changes directly on the PDC and not through Samba to accomplish this?

Thanks.

Tom

-- 
BSD# Project - Mono on FreeBSD
http://www.mono-project.com/Mono:FreeBSD