Добавление пользователей домена в группу astra-admin

Nikolas

New member
Сообщения
9
#1
Добрый день!
Подскажите как добавить группу из Active Directory в группу astra-admin?
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
aldd:x:105:109:ALD Daemon Account,,,:/var/lib/ald:/bin/false
Debian-exim:x:106:110::/var/spool/exim4:/bin/false
nslcd:x:107:111:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
messagebus:x:108:112::/var/run/dbus:/bin/false
statd:x:109:65534::/var/lib/nfs:/bin/false
ntp:x:110:115::/home/ntp:/bin/false
postgres:x:111:117:postgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
sshd:x:112:65534::/run/sshd:/usr/sbin/nologin
logcheck:x:113:118:logcheck system account,,,:/var/lib/logcheck:/bin/false
admin-sibi:x:1000:1000:,,,:/home/admin-sibi:/bin/bash
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:logcheck
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:admin-sibi
floppy:x:25:admin-sibi
tape:x:26:
sudo:x:27:adminsibi
audio:x:29:admin-sibi
dip:x:30:admin-sibi
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:admin-sibi
sasl:x:45:
plugdev:x:46:admin-sibi
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
systemd-bus-proxy:x:105:
input:x:106:
crontab:x:107:
netdev:x:108:admin-sibi
aldd:x:109:
Debian-exim:x:110:
nslcd:x:111:
messagebus:x:112:
ssh:x:113:
lpadmin:x:114:admin-sibi
ntp:x:115:
ssl-cert:x:116:postgres
postgres:x:117:
logcheck:x:118:
lpmac:x:900:
admin-sibi:x:1000:
astra-admin:x:1001:admin-sibi
astra-console:x:333:admin-sibi
rdma:x:119:
winbindd_priv:x:120:
sambashare:x:121:


● winbind.service - Samba Winbind Daemon
Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-11-05 17:21:25 MSK; 30min ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1217 (winbindd)
Status: "winbindd: ready to serve connections..."
Tasks: 5 (limit: 4915)
CGroup: /system.slice/winbind.service
├─1217 /usr/sbin/winbindd --foreground --no-process-group
├─1241 winbindd: domain child [YYYYYY]
├─1247 winbindd: domain child [ХХХХХХ]
├─1267 winbindd: idmap child
└─1269 winbindd: domain child [BUILTIN]
administrator
guest
defaultaccount
krbtgt
...
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
cloneable domain controllers
protected users
key admins
enterprise key admins
dnsadmins
dnsupdateproxy
dhcp users
dhcp administrators
...
Доменные пользователи логинятся нормально, но добавить группу в sudo я не могу :(
 

Nikolas

New member
Сообщения
9
#3
а можно произвольную группу добавить в группу astra-admin на стороне astra-linux? (у меня в АД ограниченный доступ только к своему контейнеру, а группа astra-admin в АД уже существует и не в моем контейнере :()