[opensuse] openSUSE windows Active Directory and OU=
I have an openSUSE 11.x machine that has joined the local Windows Active Directory. It is working great. Windows folk can log in and a $HOME is made on the fly if it does not exist.

But you knew there would be more...

We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is a OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?

I set this up in YaST, and did not see anything there related to this. Perhaps it is something I should add to the smb.conf file?

--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, Nov 18, 2009 at 05:09:21PM +0100, Roger Oberholtzer wrote:
> I have an openSUSE 11.x machine that has joined the local Windows Active Directory. It is working great. Windows folk can log in and a $HOME is made on the fly if it does not exist.
>
> But you knew there would be more...

- automatically mounted home from the file server or something like roaming profiles/ homes.
- unique uids on all Linux workstations.

> We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is a OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?

See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE

Plus the explanations in the smb.conf man page.

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany

On Fri, 2009-11-20 at 22:28 +0100, Lars Müller wrote:
> - automatically mounted home from the file server or something like roaming profiles/ homes.

There are such directories on the net for users. I have not looked into how they could be mounted. As it turns out, the users here log in to their Windows systems via Novell Client for Windows. I know that on their Windows boxes that is how they get these additional drives. I have used the Novell Client for Linux, but I am unclear how to fit all that with PAM/SAMBA/AD.

> - unique uids on all Linux workstations.
>
> > We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is a OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?
>
> See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
>
> Plus the explanations in the smb.conf man page.

Will do. Thanks for the pointer.

--
You can't just ask customers what they want and then try to give that to them. By the time you get it built, they'll want something new. -- Steve Jobs

Roger Oberholtzer
Ramböll RST/OPQ
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 8-615 60 20
Mobile: Int +46 70-815 1696

On Fri, 2009-11-20 at 22:28 +0100, Lars Müller wrote:
> On Wed, Nov 18, 2009 at 05:09:21PM +0100, Roger Oberholtzer wrote:
> > I have an openSUSE 11.x machine that has joined the local Windows Active Directory. It is working great. Windows folk can log in and a $HOME is made on the fly if it does not exist.
> >
> > But you knew there would be more...
>
> - automatically mounted home from the file server or something like roaming profiles/ homes.
> - unique uids on all Linux workstations.
>
> > We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is a OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?
>
> See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
>
> Plus the explanations in the smb.conf man page.

I have now looked here. I am none the wiser. I have also looked around the 'net and am still in the dark.

The closest I came was to use the Limit Users samba directive, and then list all the users I want to allow. This seems not to be in the spirit of what I want to accomplish. In addition, one is then probably required to change the '\' separator in the user name to be a '+', and inform all the Windows users about this oddity.

Is this really the only way? Given all that samba and ldap are doing, it seems like an odd omission. I suspect it is rather a lack of docs rather than a lack of functionality. But who can really tell.

--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
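
The question in this thread is how to admit only accounts that sit under one OU. The following is an added example, not code from the thread or from Samba: it shows the DN comparison any OU-based allow-list has to get right, since a substring match on "OU=..." also admits look-alike OUs and crafted CN values. The function names, the example.com directory and all sample entries are constructed for illustration.

```python
def normalize_rdn(rdn):
    # Simplified normalization: attribute type and value are case-folded and
    # surrounding whitespace is dropped (AD compares these case-insensitively).
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def split_dn(dn):
    """Split a DN into RDNs, leaving backslash-escaped characters inside values."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # escaped pair, e.g. "\," is not a separator
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(current))
            current = []
            i += 1
        else:
            current.append(dn[i])
            i += 1
    rdns.append("".join(current))
    return [normalize_rdn(r) for r in rdns]


def is_under_ou(user_dn, ou_dn):
    """True only if user_dn sits strictly below ou_dn (direct child or nested)."""
    user, base = split_dn(user_dn), split_dn(ou_dn)
    return len(user) > len(base) and user[-len(base):] == base


def allowed_logins(entries, ou_dn):
    # Return the account names whose DN lies in the allowed OU subtree.
    return sorted(name for name, dn in entries if is_under_ou(dn, ou_dn))


# Constructed sample data: (sAMAccountName, distinguishedName) pairs.
ALLOWED_OU = "OU=LinuxUsers,DC=example,DC=com"
SAMPLE = [
    ("alice", "CN=Alice Example,OU=LinuxUsers,DC=example,DC=com"),
    ("bob", "CN=Bob Example,OU=LinuxUsers-Old,DC=example,DC=com"),  # look-alike OU
    ("carol", "CN=Carol\\,OU=LinuxUsers,DC=example,DC=com"),  # escaped comma in CN
    ("dave", "CN=Dave,OU=Admins,OU=LinuxUsers,DC=example,DC=com"),  # nested OU
    ("erin", "cn=Erin,ou=linuxusers,dc=EXAMPLE,dc=com"),  # different case
]

if __name__ == "__main__":
    print(allowed_logins(SAMPLE, ALLOWED_OU))
```

How the resulting account list is then enforced at login is not covered by the thread and is left open here.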