Stephen Potter
2017-01-10 02:24:37 UTC
I'm working on integrating our Linux environment with our AD
environment, following the Red Hat guide. Within AD, we have created an
OU specifically for our Unix environment (let's just call it
corp.local/Integration/Unix), within which we have created "Security
Groups" and "Servers". As each server is joined, we create the Computer
object within corp.local/Integration/Unix/Servers and we want to create
a security group called G_$HOST_Users where all the users who should
have access to that server will go.
We created a service account svc_unixauth which has full control rights
for computer objects in Servers and has full control rights for groups
within Security Groups. I perform a kinit svc_unixauth, then 'net ads
join createcomputer="Integrations/Unix/Servers"' which creates the
computer object in the proper OU. I then am trying 'net ads group add
"Integrations/Unix/Security Groups/G_${HOSTNAME}_Users"', but get an
error about not having appropriate rights to create the group. Can
someone tell me if I'm doing this incorrectly or if I should be doing
something else? I've tried using "-U svc_unixauth" and providing the
password, just to ensure it is using the proper credentials. Once I get
the group created (add a default group of users added to it), then I'll
switch to a host-based keytab for ongoing authentication.
Thanks,
-spp
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/b64534c4-c410-e6ae-2a0e-b4e1d0459168%40unixsa.net.