Using members of AD groups to administer Linux

[wood_kenny]

I am trying to setup Linux such that I can use my Microsoft Enterprise Admin creds to administer Linux. I have Samba installed and working, I can login to Linux with my AD creds, and I have used groupmap to associate the ntgroup with the unixgroup. I am using a simple text file with a chmod (sorry, don't know how else to explain it) of 770 root:root as my POC, but my AD account still isn't added to the root group (I know using root is bad, I'm just using for testing and knowledge purposes). The groups command also only lists my AD groups.

Help please, and thanks,

:K

[stokes]

If I understand your post correctly, you are trying to log into your Linux box using AD credentials, and have root access?

I've tried to set up similar AD-Linux integrated environments before and it poses quite a few challenges. You have to use Windows services for Unix on the AD server which adds the appropriate bits to the schema (you may need Schema Admins rights, I can't remember) and then google for "Linux active directory authentication" will tell you how to configure kerberos and LDAP on Linux to authenticate against AD. The 2 files you need to update on the Linux server are /etc/krb5.conf and /etc/ldap.conf to point to your domain controllers for authentication.

This article may help you but it is a bit outdated.

Linux.com :: Unite your Linux and Active Directory authentication