Displaying 11 results from an estimated 11 matches for "ldap_sudo_search_base".
2023 Nov 24
1
Sudoers in Samba LDAP
...= ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
debug_level = 0
ad_gpo_ignore_unreadable = true
ad_gpo_access_control = permissive
ad_update_samba_machine_account_password = true
cache_credentials = false
sudo_provider = ad
ldap_sudo_search_base = ou=sudoers, dc=test, dc=tld
and nsswitch.conf
...
sudoers: files sss
...
I created OU=sudoers,dc=test,dc=tld, but stopped during creation sudo
entries like as
cn=username1,ou=sudoers,dc=test,dc=tld
cn=username2,ou=sudoers,dc=test,dc=tld
I read https://lists.samba.org/archive/samba/2016-Apr...
2023 Nov 24
1
Sudoers in Samba LDAP
...access_provider = ad
> default_shell = /bin/bash
> fallback_homedir = /home/%d/%u
> debug_level = 0
> ad_gpo_ignore_unreadable = true
> ad_gpo_access_control = permissive
> ad_update_samba_machine_account_password = true
> cache_credentials = false
> sudo_provider = ad
> ldap_sudo_search_base = ou=sudoers, dc=test, dc=tld
>
> and nsswitch.conf
>
> ...
> sudoers: files sss
> ...
>
> I created OU=sudoers,dc=test,dc=tld, but stopped during creation sudo
> entries like as
>
> cn=username1,ou=sudoers,dc=test,dc=tld
> cn=username2,ou=sudoers,dc=test,d...
2023 Nov 24
1
Sudoers in Samba LDAP
...lt_shell = /bin/bash
>> fallback_homedir = /home/%d/%u
>> debug_level = 0
>> ad_gpo_ignore_unreadable = true
>> ad_gpo_access_control = permissive
>> ad_update_samba_machine_account_password = true
>> cache_credentials = false
>> sudo_provider = ad
>> ldap_sudo_search_base = ou=sudoers, dc=test, dc=tld
>>
>> and nsswitch.conf
>>
>> ...
>> sudoers: files sss
>> ...
>>
>> I created OU=sudoers,dc=test,dc=tld, but stopped during creation sudo
>> entries like as
>>
>> cn=username1,ou=sudoers,dc=test,dc=tld...
2019 Jun 11
2
Sharing directory via Samba using AD credentials
...on is as follows:
cat /etc/sssd/conf.d/100_ad.conf
[domain/ad_domain]
ad_server = dc1, dc2
ad_domain = DOMAIN.COM
krb5_realm = DOMAIN.COM
dyndns_update = false
id_provider = ad
auth_provider = ad
access_provider = ad
cache_credentials = True
ad_access_filter = (uidNumber=*)
ldap_id_mapping = False
ldap_sudo_search_base = OU=Linux,DC=domain,DC=com
debug_level = 8
[sssd]
domains = ad_domain
services = nss, sudo, pam
config_file_version = 2
[nss]
homedir_substring = /home
vetoed_shells = /usr/local/bin/bash
shell_fallback = /usr/bin/bash
cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE...
2016 Apr 21
1
[Solved] Samba 4 sudoers
On Thu, 21 Apr 2016, John Gardeniers wrote:
> Good news, I now have this working. Once I finish writing my notes I'll make
> them available to whoever might want them.
Good to hear. I tried to get this working by following some of the online
docs and the sudoers docs, and never did get it to work. It'd be great if
someone could put this up on the Samba wiki when it's
2013 Oct 17
1
Authenticating sudo with ipa.
...local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = 192-168-0-110.local
chpass_provider = ipa
ipa_server = _srv_, 192-168-0-100.local
dns_discovery_domain = 192-168-0-100.local
sudo_provider = ldap
ldap_uri = ldap://192-168-0-100.local
ldap_sudo_search_base = ou=sudoers,dc=local
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/192-168-0-100.local at LOCAL
ldap_sasl_realm = local
krb5_server = 192-168-0-100.local
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = 192-168-0-100.local
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
#...
2019 Jun 11
0
Sharing directory via Samba using AD credentials
...main/ad_domain]
> ad_server = dc1, dc2
> ad_domain = DOMAIN.COM
> krb5_realm = DOMAIN.COM
> dyndns_update = false
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> cache_credentials = True
> ad_access_filter = (uidNumber=*)
> ldap_id_mapping = False
> ldap_sudo_search_base = OU=Linux,DC=domain,DC=com
> debug_level = 8
>
> [sssd]
> domains = ad_domain
> services = nss, sudo, pam
> config_file_version = 2
>
> [nss]
> homedir_substring = /home
> vetoed_shells = /usr/local/bin/bash
> shell_fallback = /usr/bin/bash
>
> cat /etc/krb5....
2019 Jun 11
1
Sharing directory via Samba using AD credentials
...> ad_domain = DOMAIN.COM
> > krb5_realm = DOMAIN.COM
> > dyndns_update = false
> > id_provider = ad
> > auth_provider = ad
> > access_provider = ad
> > cache_credentials = True
> > ad_access_filter = (uidNumber=*)
> > ldap_id_mapping = False
> > ldap_sudo_search_base = OU=Linux,DC=domain,DC=com
> > debug_level = 8
> >
> > [sssd]
> > domains = ad_domain
> > services = nss, sudo, pam
> > config_file_version = 2
> >
> > [nss]
> > homedir_substring = /home
> > vetoed_shells = /usr/local/bin/bash
> >...
2019 Apr 06
5
DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE
...p
>
hm...this is how I currently use sssd & sudo:
https://linux.die.net/man/5/sssd-sudo
I think with sudo-ldap you refer to the following:
https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html ?
As of today my sudo rules are "linked" to the ou of the device and based on
the "ldap_sudo_search_base" config from sudo-sssd devices apply one the
one matching for them.
(nearly the same way as group policy linking in windows works)
I think in case of switching I need to work with "SUDOERS_SEARCH_FILTER" or
"SUDOERS_BASE" option... maybe I will check.
Louis once guided me...
2019 Apr 06
2
DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE
Hello Rowland,
thanks for your help.
Below my comments
On Sat, 6 Apr 2019 at 14:32, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Sat, 6 Apr 2019 10:58:15 +0200
> Martin Krämer via samba <samba at lists.samba.org> wrote:
>
> > Hello everyone,
> >
> > I have setup two Samba AD DC's running Debian 9 with BIND9_DLZ dns
> >
2019 Apr 10
0
DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE
...net/man/5/sssd-sudo
>> > > I think with sudo-ldap you refer to the following:
>> > > https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html ?
>> > > As of today my sudo rules are "linked" to the ou of the device and
>> > > based on the "ldap_sudo_search_base" config from sudo-sssd devices
>> > > apply one the one matching for them.
>> > > (nearly the same way as group policy linking in windows works)
>> > > I think in case of switching I need to work with
>> > > "SUDOERS_SEARCH_FILTER" or ...