search for: sudoers_base

Hello list, I am running an openldap 2.4 server under FreeBSD that was working well until the config was tweaked by someone on the team without properly documenting their work # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1) host LBSD.summitnjhome.com base dc=summitnjhome,dc=com sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com bindpw {SSHA}secret scope sub pam_password exop nss_base_passwd ou=staff,dc=summitnjhome,dc=com nss_base_shadow ou=staff,dc=summitnjhome,dc=com # grep for ldap account shows ldap account on the lda...

...(netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri ldap://idir1.internal.domain.com/ ldap://idir2.internal.domain.com/ ldap_version 3 sudoers_base ou=SUDOers,dc=domain,dc=com binddn (anonymous) bindpw (anonymous) bind_timelimit 120000 timelimit 120 ssl start_tls tls_cacertdir /etc/openldap/cacerts =================== sudo: ldap_initialize(ld, ldap://idir1.internal.domain.com/ ldap://idir2.inter...

...nf(5) for details # This file should be world readable but not world writable. #BASE dc=example, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never URI ldap://ldap.acadaca.net/ BASE dc=acadaca,dc=net TLS_CACERTDIR /etc/openldap/cacerts sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net In my openldap logs on the LDAP server there appears to be no activity when I sudo. however in the secure logs on the client I do.. Nov 8 16:05:34 VIRCENT03 su: pam_unix(su-l:session): session opened for user root by bluethundr(uid=500) Nov 8 16:05:37 V...

...PS/test:] groups Domain Users Domain Admins Schema Admins Enterprise Admins ghba8 unix adminL CERTSVC_DCOM_ACCESS [pepsrh5.peps.local:test:/home/PEPS/test:] sudo su - LDAP Config Summary =================== uri ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/ ldap_version 3 sudoers_base ou=SUDOers,dc=peps,dc=local binddn <bind user> bindpw <bind user pwd> bind_timelimit 3000 timelimit 3 ssl yes tls_checkpeer (no) tls_cacertdir /etc/openldap/cacerts/ =================== sudo: ldap_initialize(ld, ldaps://pepsdc1.peps.lo...

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

...; to the ou of the device and based on the "ldap_sudo_search_base" config from sudo-sssd devices apply one the one matching for them. (nearly the same way as group policy linking in windows works) I think in case of switching I need to work with "SUDOERS_SEARCH_FILTER" or "SUDOERS_BASE" option... maybe I will check. Louis once guided me to: https://github.com/thctlo/samba4/tree/master/howtos Are these how-to compliant to what you mention about samba support & winbind? > > > > > > > > Checking file: /etc/samba/smb.conf > > > >...

Hello Rowland, thanks for your help. Below my comments Am Sa., 6. Apr. 2019 um 14:32 Uhr schrieb Rowland Penny via samba < samba at lists.samba.org>: > On Sat, 6 Apr 2019 10:58:15 +0200 > Martin Krämer via samba <samba at lists.samba.org> wrote: > > > Hello everyone, > > > > I have setup two Samba AD DC's running Debian 9 with BIND9_DLZ dns > >

...; config from sudo-sssd devices >> > > apply one the one matching for them. >> > > (nearly the same way as group policy linking in windows works) >> > > I think in case of switching I need to work with >> > > "SUDOERS_SEARCH_FILTER" or "SUDOERS_BASE" option... maybe I will >> > > check. >> > >> > From memory, sudo-ldap works in much the same way as sssd, the only >> > real difference is the lack of a cache, but, from my experience, this >> > would be the last thing on your mind if something...