thanks for this. Worked like a treat in joining to the domain but now I can’t access as root, I can only access as my domain account which has no authority to do anything on the box. If I try accessing as my original user account I get an authentication failure. I can’t sudo under my domain account and obviously can’t modify sudoers.

Any advice?

I’m running Likewise 6 and Linux Mint 9.

Thanks for that – I’ve updated the post with a link to your hint.

Cheers!

You can specify usernames in the form user@domain (so tso940@domain in your example) – that might work?

Failing that, try just specifying the UID (again, in your case 1115247694).

We don’t usually configure users with more than 8 characters for application compatibility but I’ve changed my AIX 5.3 system to accept a 20 character user and although this works ok:

root@utajona2:/ # id domain\\tso940
uid=1115247694(domain\tso940) gid=1115161089(domain\domain^users) groups=1115243261(domain\cs-gpounrestricteduser),1115317722(domain\jlbrallowedrodcpasswordreplicationgroup),1115294180(domain\wrbrallowedrodcpasswordreplicationgroup),1115161766(domain\g_gpo-s-u^unres)

when I run the command to add my domain user to the local ldap group again, I get another (different) error:

root@utajona2:/ # usermod -G domain\\domain^users,domain\\cs-gpounrestricteduser,domain\\jlbrallowedrodcpasswordreplicationgroup,domain\\wrbrallowedrodcpasswordreplicationgroup,domain\\g_gpo-s-u^unres,ldap domain\\tso940

3004-687 User “domaintso940″ does not exist.

Something malformed there…

Jon

I’m not sure on the limit these days under Linux – a quick Google suggests at least 32 characters is fine.

This page seems to suggest that the limit in AIX was 8 character up until one of the 5.x releases, but it’s now 255 characters…

that’s pretty clearly working for you…my problem (and it could well be AIX) is that when I try to run this:-

root@utajona2:/ # usermod -G domain\\domain^users,domain\\cs-gpounrestricteduser,domain\\jlbrallowedrodcpasswordreplicationgroup,ldap domain\\username

I get the error:

3004-691 Error changing “domainusername” : Name is too long.

What’s the max username length in the version of Linux you were using above? In AIX it’s 8 so that could be the limit I’m hitting with this.

Cheers

Jon

I did it with usermod – it seems to work fine. Here’s what I’ve just done to add my user to the local ‘pulse’ group.

Before the change:-

root@therapy:~# id HMS\\asmith
uid=1794114690(HMS\asmith) gid=1794114049(HMS\domain^users)
groups=1794114049(HMS\domain^users),104(lpadmin),123(scard),
1794114673(HMS\hmstest),1794114048(HMS\domain^admins)

Adding my account to the ‘pulse’ group:-

root@therapy:~# usermod -G HMS\\domain^users,lpadmin,scard,
HMS\\hmstest,HMS\\domain^admins,pulse HMS\\asmith

And now checking the account afterwards:-

root@therapy:~# id HMS\\asmith
uid=1794114690(HMS\asmith) gid=1794114049(HMS\domain^users) 
groups=1794114049(HMS\domain^users),104(lpadmin),117(pulse),
123(scard), 1794114673(HMS\hmstest), 1794114048(HMS\domain^admins)

Looking at /etc/group shows we’ve been added:-

root@therapy:~# grep "^pulse:" /etc/group
pulse:x:117:HMS\asmith

This is under Linux though, so I don’t know if AIX treats things differently – my AIX exposure is limited to a handful of boxes I had to manage a few years back

What do you get if you type id DOMAINNAME\\jon – does the ldap group show up as one of the user’s groups?

usermod only seems to be valid for local users/groups. Did you make your group change by editing /etc/group (or Ubuntu equivalent) directly?

This is what I added to /etc/group:

ldap:!:206:DOMAINNAME\\jon

but when I try to access files with read permission assigned to the ldap group, I get permission denied.

Jon

Just realised that I have done this under Ubuntu, and it works.

Do you have any joy using usermod -G?