How to authenticate AD users on SLES/SLED
This document (7001912) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Desktop 10 Service Pack 1
SUSE Linux Enterprise Server 10 Service Pack 2
SUSE Linux Enterprise Server 10 Service Pack 1
SUSE Linux Enterprise Server 9 Service Pack 4
Step 2: [OPTIONAL] It is possible to restrict which users in Active Directory can login, by their group membership. The easiest way to so this is below:
b. On SLES/SLED, Find out the SID number of the SSH group created in Step 2, use the command:
Output will look like this:
S-1-5-21-3169155090-2081415613-2343130028-1107 Domain Group (2)
The SID is the long S-xxx number, not including the "Domain Group (2)" portion.
auth required pam_winbind.so require_membership_of=S-1-5-21-3169155090-2081415613-2343130028-1107 krb5_auth try_first_pass
D. Users logging through ssh may need to use domain\user@host syntax.
For example, user "user1" on domain NET may have to use:
E. To check whether a user is a member of group "group1"
First find out the group id using the command format:
The output will look like this:
Then check the group membership list for the user:
The output will list group numbers which that user belongs to, like this:
10002 <-- this is the id of group1, so the user is a member
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7001912
- Creation Date: 18-Nov-2008
- Modified Date:16-Mar-2021
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com