Active IQ Unified Manager Discussions
We have an OCUM 5.2R1 running on a RedHat 6 host.
This works perfectly.
All our Linux servers are connected to the Windows 2003 Active Directory Domain so we can log in with our AD account via SSH and other protocols.
Everything that talks to PAM can talk to the AD, so I adjusted DFM to use PAM and created a PAM module:
[id984468@tnl1dmzmn09 ~]$ dfm options list | grep Pam
[id984468@tnl1dmzmn09 ~]$ sudo cat /etc/pam.d/dfm
# CentrifyDC DFM - DO NOT change this line
auth include system-auth
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
Now I can successfully log in to OnCommand using my AD account. BRAVO!
However, when I add an AD group to OnCommand with the syntax "<AD>\Usergroup" I get the following reply:
Warning: RMGT\rmgt_dfm_admins does not exist in the administrator database(s), so login is disabled for this administrator.
Added administrator RMGT\rmgt_dfm_admins.
Added 1 role to administrator RMGT\rmgt_dfm_admins.
When I log in as a user from that usergroup I don't get the GlobalFullControl rights that I assigned to this usergroup... aka, the usergroup doesn't work.
When I search the KB I find the following article which doesn't make any sense to me:
Can anyone point me in the right direction?
Is there anyone who has the same setup and has AD usergroups working under Linux?
Any thoughts or comments are welcome.
See The Solution
Unfortunately, usergroups won't work through PAM.
You will need to configure LDAP to communicate with AD.