Active IQ Unified Manager Discussions

Defining usergroups in OCUM 5.2R1 on Linux connected with AD via PAM

borisaelen

Dear community.

We have an OCUM 5.2R1 running on a RedHat 6 host.

This works perfectly.

All our Linux servers are connected to the Windows 2003 Active Directory Domain so we can log in with our AD account via SSH and other protocols.

Everything that talks to PAM can talk to the AD, so I adjusted DFM to use PAM and created a PAM module:

    [id984468@tnl1dmzmn09 ~]$ dfm options list | grep Pam
    authUsePam                            Yes

    [id984468@tnl1dmzmn09 ~]$ sudo cat /etc/pam.d/dfm
    # CentrifyDC DFM - DO NOT change this line
    auth       include      system-auth
    auth       required     pam_nologin.so
    account    include      system-auth
    password   include      system-auth
    session    include      system-auth

Now I can successfully log in to OnCommand using my AD account. BRAVO!

However when I add an AD group to OnCommand with the syntax "<AD>\Usergroup" I get the following reply:

    Warning: RMGT\rmgt_dfm_admins does not exist in the administrator database(s), so login is disabled for this administrator.
    Added administrator RMGT\rmgt_dfm_admins.
    Added 1 role to administrator RMGT\rmgt_dfm_admins.

When I log in as a user from that usergroup I don't get the GlobalFullControl rights that I assigned to this usergroup... aka, the usergroup doesn't work.

When I search the KB I find the following article which doesn't make any sense to me:

https://kb.netapp.com/support/index?page=content&id=3010441&actp=search&viewlocale=en_US&searchid=1400055041146

Can anyone point me in the right direction?

Is there anyone who has the same setup and has AD usergroups working under Linux?

Any thoughts or comments are welcome.

Thanks,

Boris

1 ACCEPTED SOLUTION

borisaelen

Unfortunately, usergroups won't work through PAM.

You will need to configure LDAP to communicate with AD.
