Post 302404249 by xia777 on Tuesday 16th of March 2010 04:59:35 AM
control permissions for Active Directory users on AIX

Hello,

I've configured a user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine.

And here's my problem:

How can I control LDAP user permissions on the local AIX machine?
E.g. an AD user should be able to write all files of local sys group.
(You cannot add an LDAP user to a local group)

There is the possibility to create an Active Directory group with UNIX attributes and set the GID with the same number of the local GID on the AIX system.
But:
  1. I'm not sure if this is a good and practicable solution.
  2. You cannot duplicate GIDs in Active Directory but I would need several groups with the same GID (e.g. a user should have different rights on different AIX machines)
Is there a good solution to control permissions of LDAP users?

Thank you for every suggestion!
 

groupadd(8)						      System Manager's Manual						       groupadd(8)

NAME
    groupadd - Adds a new group definition

SYNOPSIS
    /usr/sbin/groupadd [-g gid [-o]] [-P] [-x extended_option] group_name

OPTIONS
    -g gid
        Specifies the group identifier (GID) of the new group being added. The GID must be a non-negative decimal integer.

    -o
        Allows a group identification (GID) number to be duplicated (non-unique). This option can be used only with the -g option.

    -P
        Creates a PC group only.

    -x extended_option
        The following extended_option attributes are available. The PC attributes will only be applicable if the Advanced Server for UNIX (ASU) is configured. The extended_option attributes can be specified as a space-delimited list after a single -x option.

        distributed=n
            Indicates that the group is distributed. The value of the distributed=n attribute can be 0 or 1. If set to 0, the group is added to the local system. If set to 1, the group is added to the NIS master database on the running system. When this attribute is set, the local attribute is automatically set to the opposite value.

        local=n
            Indicates that the group is local. The value of the local=n attribute can be 0 or 1. If set to 1, the group is added to the local database. If set to 0, the group information is added to the NIS master database. When this attribute is set, the distributed attribute is automatically set to the opposite value.

        A comma-delimited list of members that will be added to the UNIX user's group. You can specify the user (login) name or the account UID.

        Specifies a text string that provides a description of the PC group.

        Specifies a comma delimited list of PC users to be added to the current list of members of a PC group. Note that this adds, but does not replace members.

    group_name
        Specifies the name of the new group. The group name can be any printable characters, with the exception of the colon (:) and newline characters.

DESCRIPTION
    The groupadd command is part of a set of command-line interfaces (CLI) that are used to create and administer user groups on the system. When the Advanced Server for UNIX (ASU) is installed and running, the groupadd command can also be used to administer PC groups for users who are also holders of Windows NT domain accounts. Accounts can also be created with the /usr/bin/X11/dxaccounts graphical user interface (GUI), although the extended options are only available from the CLI utilities such as useradd and groupmod.

    Different options are available depending on how the local system is configured: In the default UNIX environment, user account management is compliant with the IEEE POSIX Draft P13873.3 standard. The CLI is backwards-compatible, so all existing local scripts will function. However, you should consider testing your account management scripts before use.

    The groupadd command lets the system administrator create new groups on the system, by specifying the group name and GID. When the GID is not specified (with the -g option), the GID defaults to the next available (unique) number.

    The -x option lets the system administrator specify whether the new group is local or distributed over a network. If this option is not specified on the command line, the system adds the new group to the appropriate database as specified by the system defaults.

    The default behavior on the system for the groupadd command is distributed=0 and local=1. With these values, the system adds the group to the local database by default. Setting the distributed= and local= attributes to the same value (for example, distributed=0 and local=0) produces an error.

    You must have superuser privilege to execute this command.

RESTRICTIONS
    You cannot specify more than 255 characters on a single command line. However, lines can be split to an appropriate length. If you try and enter too many new groups, the group file may be corrupted.

    The pc_synchronize default value is not used for groupadd, groupmod, and groupdel. UNIX and PC groups cannot be synchronized and therefore must be created separately. Use the command groupadd -P xdomain to create a PC group named xdomain. Then, use the command groupadd xdomain to create a UNIX group named xdomain.

EXIT STATUS
    The groupadd command exits with one of the following values: Success. Failure. Warning.

EXAMPLES
    The following example adds the group, newgroup, to the group database with a system-provided GID:

        % groupadd newgroup

    The following example adds the group, newgroup, to the group database with a GID of 451:

        % groupadd -g 451 newgroup

    The following example adds the group, newgroup, to the NIS master database:

        % groupadd -x distributed=1 newgroup

    The following example adds the PC group, projectX with members JoeMc and HiteshC:

        % groupadd -x members=JoeMc,HiteshC, projectX

    The following example adds the PC group, newgroup and provides a description field "common project group":

        % groupadd -P -x pc_group_description="common project group" projectX

FILES
    The groupadd command operates on files for the specific level of system security.

SEE ALSO
    Commands: groupdel(8), groupmod(8), useradd(8), userdel(8), usermod(8)

    System Administration Security Advanced Server for UNIX administration and configuration documents.
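
The -o option above permits non-unique GIDs, and file permission checks compare only the numeric GID, so two groups that share a GID grant the same access. As an added example (not part of the man page or the forum post), this shell function lists every GID used by more than one group in a group-format file; the sample entries, including the hypothetical `adsys` group, are constructed.

```shell
#!/bin/sh
# Added example: report GIDs shared by more than one group in a
# group-format file (name:passwd:gid:members), i.e. the state that
# `groupadd -g gid -o` is allowed to create.
# Output: one line per shared GID, "gid:name1,name2,...", sorted by GID.
dup_gids() {
    # $1: path to the group file to audit; defaults to /etc/group
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF < 3 || $3 !~ /^[0-9]+$/ { next }    # skip malformed entries
        {
            count[$3]++
            # keep group names in file order, comma separated
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END {
            for (gid in count)
                if (count[gid] > 1)
                    print gid ":" names[gid]
        }
    ' "${1:-/etc/group}" | sort -t: -k1,1n
}

# Constructed sample data: "adsys" is a hypothetical group that was
# given the same GID as the local "sys" group.
sample=$(mktemp)
cat > "$sample" <<'EOF'
system:!:0:root
sys:!:3:root,bin
adsys:!:3:aduser1
staff:!:1:
newgroup:!:451:
EOF
dup_gids "$sample"
rm -f "$sample"
```

Run it against the real group file with `dup_gids /etc/group`; an empty result means every GID in that file is unique.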