[cups] Question about groups.
Douglas Kosovic
doug at uq.edu.au
Wed Feb 10 23:46:18 PST 2016
Hi Michael,
Are you using the SFU schema extension of Active Directory ? In AD we set the Unix UID and GID for each user.
On linux in our case, /etc/nslcd.conf from the nss-pam-ldapd package then does the mapping from AD.
Cheers,
Doug
> -----Original Message-----
> From: cups-bounces at cups.org [mailto:cups-bounces at cups.org] On Behalf
> Of Michael Walton
> Sent: Wednesday, 10 February 2016 2:54 PM
> To: cups at cups.org
> Subject: [cups] Question about groups.
>
> Hi again mailing list. I have set up cups with moderate success.
>
> However I have got a bit unstuck when it comes to active directory users and
> local groups on the server. I can add the active directory users
>
> to local groups without any issue. However when I was experimenting
>
> with cups it seemed to me that cups would take username at DOMAIN
>
> and convert it to just username (with the @DOMAIN suffix stripped) before
> testing for group membership. RIght now the only way I see to use groups
> for allow, deny lists is to create shadow users without logins for each domain
> user I want. For instance if I want to treat username at DOMAIN as in a group
> (from the point of view of cups) I have to create a local user called username
> and put username in the group.
>
> Am I wrong about this or is there a better workaround that doesn't involve
> creating local user accounts for no other purpose that this?
>
>
>
> Thank you,
>
> Michael Walton
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://www.cups.org/mailman/listinfo/cups
More information about the cups
mailing list