โ06-01-2023 03:38 PM
We have recently migrated identity management for our company to JumpCloud. We have an Ubuntu 22.04 server with Samba shares that has stopped updating the groups in /etc/group. Changes made in JumpCloud admin (adding users to groups and adding sudo to accounts) are not getting synched with the server. As a result, new users cannot access the shares unless we manually edit /etc/group. Users with the correct UID are added to the server, but the groups are not updated. On running service jcagent status, we see multiple entries of:
chfn[31880]: Authentication failure
Not sure if that's a red erring or not.
Has anyone seen this behaviour before?
Thanks
โ06-12-2023 11:30 AM - edited โ08-02-2024 06:27 PM
@iainronayne JumpCloud will add/remove users from the sudo group if you bind the user to a Linux device that is being managed through the JumpCloud device agent. JumpCloud will not create or manage "user groups" (from within the JumpCloud admin portal) as local groups on a Linux device. EDIT: See Below
The primary means to manage other local user groups on a Linux machine itself would be to do this manually, or through the COMMANDs capability within JumpCloud (Basically the COMMANDS capability allow the device agent to operate as a root user and open a hidden terminal to run scripts)
EDIT:
Thanks to @crobar's comment below! You are correct, there IS a way to use the JumpCloud user groups and propagate them to the managed Linux device. There are some steps involved here;
getent group
(or cat /etc/group
) to see the groups on a device, groups username
to see the groups a user is bound to.โ07-18-2024 08:41 PM
I don't understand this answer since in group settings on the 'Details' tab there is an option 'Create Linux group for this user group', where you then choose the linux name and GID for the group, and indeed this group is created on the device. The only missing step is to add the correct users to the groups.
I understand why the OP is frustrated, because the current setup requires you to manually add users to the samba group on the device, and JumpCloud can't be used to manage this. Users can't access the samba resource until they are added to the local Linux group.
โ08-02-2024 06:29 PM
I went ahead and edited my above comment. After some digging I think there is a fairly elegant manner which JumpCloud can manage those user groups on a Linux device, especially helpful with larger numbers of devices and groups.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.