The following syntax shows the proper form of a group entry:
groupname:password:gid:user-list |
See the group(4) for man page for more information.
The nss_ad module retrieves information from AD as follows:
groupname – Field uses the value of the samAccountName AD attribute and is qualified by the domain name in which the object resides, for example, admins@example.
password – Field is left empty because the Windows groups do not have passwords.
gid – Field uses the Windows group's SID from the objectSID AD attribute, which is mapped to the GID by using the idmap service.
user-list – Field is left empty.