setgid to AD group

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
0
down vote

favorite












I have an ?Ubuntu 17.10 server that has been joined to an Azure AD domain using these instructions



Whenever a user's home folder is created I would like to set the group ID to that of a specifc AD group.



My objective: Any AD user can authenticate and have a home directory created. Any user that's part of the AD group "supervisors" can authenticate and see the data in everyone's /home directory.



setgid looks like the right way to go, but I can't find out how to reference AD groups. Searches all show solutions using SAMBA but I'm not using SAMBA shares.



-- Edit --
Further noodling shows that when a user's home directory is created by PAM it sets the group to "domain users". This a step in the right direction.



Anyone know how to change the default group that PAM users when the home directory is created?



Would my best bet be to run a cron job that periodically changes the GID?






permissions active-directory kerberos







share|improve this question



























    up vote
    0
    down vote

    favorite












    I have an ?Ubuntu 17.10 server that has been joined to an Azure AD domain using these instructions



    Whenever a user's home folder is created I would like to set the group ID to that of a specifc AD group.



    My objective: Any AD user can authenticate and have a home directory created. Any user that's part of the AD group "supervisors" can authenticate and see the data in everyone's /home directory.



    setgid looks like the right way to go, but I can't find out how to reference AD groups. Searches all show solutions using SAMBA but I'm not using SAMBA shares.



    -- Edit --
    Further noodling shows that when a user's home directory is created by PAM it sets the group to "domain users". This a step in the right direction.



    Anyone know how to change the default group that PAM users when the home directory is created?



    Would my best bet be to run a cron job that periodically changes the GID?






    permissions active-directory kerberos







    share|improve this question

























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I have an ?Ubuntu 17.10 server that has been joined to an Azure AD domain using these instructions



      Whenever a user's home folder is created I would like to set the group ID to that of a specifc AD group.



      My objective: Any AD user can authenticate and have a home directory created. Any user that's part of the AD group "supervisors" can authenticate and see the data in everyone's /home directory.



      setgid looks like the right way to go, but I can't find out how to reference AD groups. Searches all show solutions using SAMBA but I'm not using SAMBA shares.



      -- Edit --
      Further noodling shows that when a user's home directory is created by PAM it sets the group to "domain users". This a step in the right direction.



      Anyone know how to change the default group that PAM users when the home directory is created?



      Would my best bet be to run a cron job that periodically changes the GID?






      permissions active-directory kerberos







      share|improve this question















      I have an ?Ubuntu 17.10 server that has been joined to an Azure AD domain using these instructions



      Whenever a user's home folder is created I would like to set the group ID to that of a specifc AD group.



      My objective: Any AD user can authenticate and have a home directory created. Any user that's part of the AD group "supervisors" can authenticate and see the data in everyone's /home directory.



      setgid looks like the right way to go, but I can't find out how to reference AD groups. Searches all show solutions using SAMBA but I'm not using SAMBA shares.



      -- Edit --
      Further noodling shows that when a user's home directory is created by PAM it sets the group to "domain users". This a step in the right direction.



      Anyone know how to change the default group that PAM users when the home directory is created?



      Would my best bet be to run a cron job that periodically changes the GID?






      permissions active-directory kerberos




      permissions active-directory kerberos






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Feb 10 at 7:10

























      asked Feb 10 at 5:54









      Gavin Hill

      12




      12

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1004762%2fsetgid-to-ad-group%23new-answer', 'question_page');

          );

          Post as a guest






















          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1004762%2fsetgid-to-ad-group%23new-answer', 'question_page');

          );

          Post as a guest
































































          -

          Popular posts from this blog

          pylint3 and pip3 broken

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have tried sudo apt remove --purge on various packages. I get the same when I reinstall. I have also tried reinstall using aptitude. This does not work. My current workaround is to run pylint3 as root, which works, but is bad practice. pip3 $ pip3 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 33, in vendored __import__(vendored_name, globals(), locals(), level=0) ImportError: No module named 'pip._vendor.pkg_resources' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/pip3", line 9, in <module> from pip import main File "/usr/lib/python3/dist-packages/pip/__init__.py", line 13, in <module> from pip.exceptions import InstallationError, CommandError, PipError File "/usr/lib/python3/dist-packages/pip/exceptions.py", line 6, ...
          Read more

          Missing snmpget and snmpwalk

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried to install it with: apt-get install net-snmp-utils but I have error message: Unable to locate package. I have also check what from SNMP is preinstalled and there is: libsnmp-base libsnmp30:amd64 snmp-mibs-downloader snmpd snmptrapd snmptrapfmt How can I install snmpget and snmpwalk ? snmp zabbix share | improve this question edited Jan 29 at 10:10 Yaron 8,552 7 18 38 asked Jan 29 at 9:51 Alfista 1 apt install snmp perhaps ? If named differently - apt cache snmp – fugitive Jan 29 at 10:00 add a comment  |  up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried...
          Read more

          How to enroll fingerprints to Ubuntu 17.10 with VFS491

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I decided to switch from Windows to Ubuntu 17.10, I meet it like 8 years ago and I didn't decided to switch until now (haha). Well, my actual device is an HP Probook 4540s with a Validity fingerprint sensor (VFS491). The fingerprint sensor worked fine on Windows but I can't get it to work in Ubuntu. The device is recognized as 138a:003d but is not detected as a fingerprint scanner by some apps like Fingerprint GUI. I want to use the fingerprint scanner to log in into my user account in Ubuntu but it doesn't supports fingerprints without special software and the drivers of the fingerprint scanner are available for Windows but not for any Linux distribution. I found something on GitHub (https://github.com/eekpie/libfprint) about the integration of the VFS491 in libfprint and I think it can help but I don't know what to do with it, so that's why I need the help of the community to do it since I am...
          Read more