search for: sudorol

Hi, I'm having hard time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit administrator at TEEMU.LOCAL Password for administrator at TEEMU.LOCAL: Warning: Your password will expire in...

...nal info: objectClass: value #1 invalid per syntax ============================================= And this is the file I am trying to import sudoers2.ldif: ============================================ dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: root sudoUser: root sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com object...

...TEEMU.LOCAL SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <ou=SUDOers,dc=teemu,dc=local> with scope subtree # filter: (objectclass=*) # requesting: ALL # # reima, SUDOers, teemu.local dn: CN=reima,OU=SUDOers,DC=teemu,DC=local objectClass: top objectClass: sudoRole cn: reima instanceType: 4 whenCreated: 20140625194650.0Z whenChanged: 20140625194650.0Z uSNCreated: 3799 uSNChanged: 3799 name: reima objectGUID:: U1paZdVOSke2zmInSenFTg== objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=teemu,DC=local sudoUser: reima sudoHost: ALL sudoCommand: ALL distin...

...ributeSchema) and tried to import them in but i had no luck. I googled around but came up nothing about it. This is the error i get: ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX - <0000200B: objectclass_attrs: attribute 'mayContain' on entry 'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at least one invalid value!> <>" on DN CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before line 31.

...d and? nsswitch.conf ... sudoers: files sss ... I ?reated OU=sudoers,dc=test,dc=tld, but stopped during creation sudo entries like as cn=username1,ou=sudoers,dc=test,dc=tld cn=username2,ou=sudoers,dc=test,dc=tld I read https://lists.samba.org/archive/samba/2016-April/199402.html , but i have sudoRole objectclass (i see in ADSI on Windows side. It would be better without using Windows). Also, i have not *schema.ActiveDirectory* for import to Samba. How i can add sudoRole objectclass ? -- *Anton*

...... > > I ?reated OU=sudoers,dc=test,dc=tld, but stopped during creation sudo > entries like as > > cn=username1,ou=sudoers,dc=test,dc=tld > cn=username2,ou=sudoers,dc=test,dc=tld > > I read https://lists.samba.org/archive/samba/2016-April/199402.html , > but i have sudoRole objectclass (i see in ADSI on Windows side. It > would be better without using Windows). > Also, i have not *schema.ActiveDirectory* for import to Samba. > > How i can add sudoRole objectclass ? > > It is quite easy to extend Samba AD to add the sudo schema, see here for more...

...d OU=sudoers,dc=test,dc=tld, but stopped during creation sudo >> entries like as >> >> cn=username1,ou=sudoers,dc=test,dc=tld >> cn=username2,ou=sudoers,dc=test,dc=tld >> >> I readhttps://lists.samba.org/archive/samba/2016-April/199402.html , >> but i have sudoRole objectclass (i see in ADSI on Windows side. It >> would be better without using Windows). >> Also, i have not *schema.ActiveDirectory* for import to Samba. >> >> How i can add sudoRole objectclass ? >> >> > It is quite easy to extend Samba AD to add the sudo...

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

...eed any modifications before i add it to samba? The following example allows users in group wheel to run any command on any host via sudo, dc=example,dc=com will be changed to refer to my domain. $ cat sudo_user dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL ldbadd -H /etc/samba/private/sam.ldb sudo_user \ --option="dsdb:schema update allowed"=true and how do i index the 'sudoUser' attribute? all corrections welcome. Shadrock

On Thu, 21 Apr 2016, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes I'll make > them available to whoever might want them. Good to hear. I tried to get his working by following some of the online docs and the sudoers docs, and never did get it to work. It'd be great if someone could put this up on the Samba wiki when it's

..., it shows a filter in the request of: Filter: (&(&(cn=smtp)(ipServiceProtocol=dccp))(objectclass=ipService)) and there are 4 attributes in the request - objectClass, cn, ipServicePort, ipServiceProtocol Whereas on the CentOS 7 server, the filter looks like this: Filter: (&(objectClass=sudoRole)(|(|(|(|(|(|(|(|(|(!(sudoHost=*))(sudoHost=ALL))(sudoHost= ldaptest7.company.com ))(sudoHost=ldaptest7))(sudoHost=192.168.193.62))(sudoHost= 192.168.192.0/23))(sudoHost=fe80::5054:ff:fef2:26ed))(sudoHost=fe80::/6 with 13 attributes - objectClass, cn, and a bunch of sudo attributes. The response f...

...es with the correct ones for the current directory (attempting to implement under CentOS 5.4) and even tho the correct schemas are in place it is choking on this entry: # defaults, sudoers, Services, acadaca.com dn: cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here And again I should have all the schemas in place to make this work... include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include...

...https://bugzilla.samba.org/show_bug.cgi?id=10398 (plus we are > 4.1 here): [root at dc01 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=rule,OU=SUDOers,DC=example,DC=com" -s base objectClass ... # record 1 dn: CN=rule,OU=SUDOers,DC=example,DC=com objectClass: top objectClass: sudoRole If I run a dbcheck I see a number of these for various objects: Values/Order of values do/does not match: ... ERROR: Normalisation error for attribute 'objectClass' in ... But none of the out of objects affected are what blows up the domain join. If I look at the meta data in binary...

...ug.cgi?id=10398 (plus we are > 4.1 here): > > [root at dc01 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=rule,OU=SUDOers,DC=example,DC=com" -s base objectClass > ... > # record 1 > dn: CN=rule,OU=SUDOers,DC=example,DC=com > objectClass: top > objectClass: sudoRole > > > > If I run a dbcheck I see a number of these for various objects: > > Values/Order of values do/does not match: ... > ERROR: Normalisation error for attribute 'objectClass' in ... > > > > But none of the out of objects affected are what blows up the d...