Feb 12
So now that you're cranking along with LikeWise, you want to use it for all your admins, and you need to give them access to sudo all.
Run visudo as normal:
sudo visudo
Then add a line at the bottom like so: (remember to press I to switch to edit mode so you can add this)
%DOMAIN\\linux^admins ALL=(ALL) ALL

When you're done, hit Escape, then type:

:wq

This will write the file out and exit visudo.

Some things to note:

  • The % MUST be the first character on the line
  • Escape the slash between domain & user with a slash (double slash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group name
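
A non-interactive variant of the step above, as an added example that is not part of the original post: it builds the same sudoers entry from a domain and group name, syntax-checks it with visudo -c, and only then installs it as a drop-in. The function names, the /etc/sudoers.d/likewise-admins file name, and the assumptions that your sudoers file includes /etc/sudoers.d and that getent can see AD groups are not from the post.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# "Linux Admins" -> linux^admins
# (^ replaces spaces; lower-cased, which the post suggests if the name is not matched)
lw_group() {
    printf '%s' "$1" | tr ' ' '^' | tr '[:upper:]' '[:lower:]'
}

# Build the sudoers entry: %DOMAIN\\group ALL=(ALL) ALL
sudoers_line() {
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$1" "$(lw_group "$2")"
}

# Confirm the group resolves before relying on it for sudo access.
# Assumption: LikeWise's NSS module is configured so getent can see AD groups.
group_resolves() {
    getent group "$1\\$(lw_group "$2")" >/dev/null
}

# Write the entry to a temp file, syntax-check it, then install it.
# Assumption: /etc/sudoers contains "#includedir /etc/sudoers.d".
install_sudoers_dropin() {
    dest=${3:-/etc/sudoers.d/likewise-admins}   # hypothetical file name
    tmp=$(mktemp) || return 1
    sudoers_line "$1" "$2" > "$tmp"
    # visudo -c only parses the file; a broken entry never reaches /etc
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "$dest"; rc=$?
    else
        echo "sudoers syntax check failed; nothing installed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):
#   group_resolves DOMAIN "Linux Admins" && install_sudoers_dropin DOMAIN "Linux Admins"
```

Keep a root shell open in a second terminal until you have confirmed that a member of the group can actually run sudo.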
Feb 11
LikeWise Open: Change Default Shell
Michael Requeny | Unix | 02 11th, 2011
By default LikeWise puts users on /bin/sh, since not all systems have bash. Correct that and make your users happy:
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' LoginShellTemplate /bin/bash
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\Local]' LoginShellTemplate /bin/bash
Then simply refresh Local Security Service:
sudo /opt/likewise/bin/lwsm refresh lsass
Now you also need to clear LikeWise’s Active Directory Cache if users have already logged in and you want it to take effect immediately:  (if this is done during setup you can skip this step)
sudo /opt/likewise/bin/lw-ad-cache --delete-all

Enjoy

Feb 10
LikeWise Open: Restrict Login by Groups
Michael Requeny | Unix | 02 10th, 2011

So once you get LikeWise set up, one of the first things that comes up is how to restrict access so that not just anyone can log in. You can leverage Active Directory groups via LikeWise to require a user to be a member of one of the group(s) you define.

LikeWise changed how this is done from previous versions. Now you need to edit the LW registry like so:

sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"

Yes, you need the double slash; this escapes the slash properly. Also, if it isn't obvious, replace domain with your domain name. You can specify as many groups as you want; just enclose each one in quotes and leave a space between them as shown above. Now you simply refresh the Local Security Service like so:

sudo /opt/likewise/bin/lwsm refresh lsass

And you're done, easy-peasy with LikeWise.

Some things to note:

  • Remember to escape the slash between domain & user with a slash (double slash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group names