Mike's Realm chown -R us ./base

12Feb/112

LikeWise Open: Adding Domain Group to Sudoers File

So now that your cranking using LikeWise, you want to use it for all your admins and you need to give them access to sudo all.
Run visudo as normal:
sudo visudo
Then add a line at the bottom like so: (remember to press I to switch to edit mode so you can add this)
%DOMAIN\\linux^admins ALL=(ALL) ALL

When your done hit escape then type:

:wq

This will write the file out and exit visudo

Some things to note:

  • The % MUST be the first character on the line
  • Escape the slash between domain & user with a slash (double slash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group name
Share
Tagged as: , 2 Comments
11Feb/115

LikeWise Open: Change Default Shell

LikeWise by default will have users on /bin/sh since not all systems have bash--correct that and make your users happy:
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' LoginShellTemplate /bin/bash
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\Local]' LoginShellTemplate /bin/bash
Then simply refresh Local Security Service:
sudo /opt/likewise/bin/lwsm refresh lsass
Now you also need to clear LikeWise's Active Directory Cache if users have already logged in and you want it to take effect immediately:  (if this is done during setup you can skip this step)
sudo /opt/likewise/bin/lw-ad-cache --delete-all

Enjoy

Share
Tagged as: , 5 Comments
10Feb/112

LikeWise Open: Restrict Login by Groups

So once you get LikeWise setup, one of the first things that comes up is howto restrict access to prevent just anyone from being able to login.  You can leverage Active Directory groups via LikeWise to require a user to have membership of one of the group(s) you define.

LikeWise changed how this is done from previous versions, now you need to edit the LW registry like so:

sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"

Yes you need the double slash--this escapes the slash properly.  Also if it isn't obvious replace domain with your domain name.  You can specify as many groups as you want, just encase in quotes and leave a space as shown above.  Now you simply refresh the Local Security Service like so:

sudo /opt/likewise/bin/lwsm refresh lsass

And your done, easy-peasy with LikeWise

Some things to note:

  • Remember to escape the slash between domain & user with a slash (double slash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group names
Share
Tagged as: , 2 Comments