So once you get LikeWise set up, one of the first things that comes up is how to restrict access to prevent just anyone from being able to log in. You can leverage Active Directory groups via LikeWise to require a user to have membership of one of the group(s) you define.
LikeWise changed how this is done from previous versions. Now you need to edit the LW registry like so:
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"
Yes, you need the double backslash; this escapes the backslash properly. Also, if it isn't obvious, replace domain with your domain name. You can specify as many groups as you want: just encase each one in quotes and leave a space between them, as shown above. Now you simply refresh the Local Security Service like so:
sudo /opt/likewise/bin/lwsm refresh lsass
And you're done, easy-peasy with LikeWise.
Some things to note:
- Remember to escape the backslash between domain & user with another backslash (double backslash)
- Use ^ in place of spaces
- Obviously replace DOMAIN with your domain
- If you have problems try dropping case on the group names
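The notes above, turned into a small helper that builds the command from plain group names. This is an added example, not part of the original post or of LikeWise; the CORP domain and group names are constructed placeholders, and lower-casing is applied unconditionally as an assumption based on the last note.

```shell
#!/bin/sh
# Added example: build the RequireMembershipOf command from AD group names.
# CORP and the group names are constructed samples, not real values.

# fmt_group 'DOMAIN\Group Name' -> domain\group^name
# Applies the post's rules: ^ in place of spaces, and lower case
# (the post's troubleshooting tip, applied unconditionally here).
fmt_group() {
    printf '%s' "$1" | tr ' ' '^' | tr '[:upper:]' '[:lower:]'
}

# build_cmd GROUP... -> prints one lwregshell command line for review.
# Returns 1 without printing a command if any name is malformed, so a
# partial allow-list is never produced.
build_cmd() {
    key='[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]'
    out="sudo /opt/likewise/bin/lwregshell set_value '$key' RequireMembershipOf"
    if [ "$#" -eq 0 ]; then
        printf '%s\n' 'no groups given' >&2
        return 1
    fi
    for g in "$@"; do
        case $g in
            *\"*|*\'*|*\`*|*\$*)
                printf '%s\n' "refusing $g: quote or shell metacharacter" >&2
                return 1 ;;
            ?*\\?*) ;;   # has a DOMAIN\ prefix, accept
            *)
                printf '%s\n' "refusing $g: expected DOMAIN\\group" >&2
                return 1 ;;
        esac
        # Double the backslash so it survives the double quotes in the shell.
        v=$(fmt_group "$g" | sed 's/\\/\\\\/g')
        out="$out \"$v\""
    done
    printf '%s\n' "$out"
}

# Demo with constructed group names; prints the command, does not run it.
build_cmd 'CORP\Domain Admins' 'CORP\Unix Admins'
```

Review the printed command before running it, then refresh lsass as described above.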
July 21st, 2011 at 10:51 am
This command only worked for me when I removed single quotes from key value, like this:
set_value [HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\] RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"
otherwise it was giving me error "40600 – LWREG_ERROR_NO_SUCH_KEY_OR_VALUE".
July 25th, 2011 at 8:48 pm
Thanks for pointing that out Darius, I might have screwed up my copy pasta 😉