Mike's Realm chown -R us ./base

10Feb/112

LikeWise Open: Restrict Login by Groups

So once you get LikeWise setup, one of the first things that comes up is howto restrict access to prevent just anyone from being able to login.  You can leverage Active Directory groups via LikeWise to require a user to have membership of one of the group(s) you define.

LikeWise changed how this is done from previous versions, now you need to edit the LW registry like so:

sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"

Yes you need the double slash--this escapes the slash properly.  Also if it isn't obvious replace domain with your domain name.  You can specify as many groups as you want, just encase in quotes and leave a space as shown above.  Now you simply refresh the Local Security Service like so:

sudo /opt/likewise/bin/lwsm refresh lsass

And your done, easy-peasy with LikeWise

Some things to note:

  • Remember to escape the slash between domain & user with a slash (double slash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group names
Share
Comments (2) Trackbacks (0)
  1. This command only worked for me when i removed single quotes from key value, like this:

    set_value [HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\] RequireMembershipOf “domain\\domain^admins” “domain\\unix^admins”

    otherwise it was giving me error “40600 – LWREG_ERROR_NO_SUCH_KEY_OR_VALUE].


Leave a comment

No trackbacks yet.