search for: sudous

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

...main,dc=com sudo: ldap sudoOption: 'env_keep+=SSH_AGENT_PID' sudo: ldap sudoOption: 'env_keep+=SSH_AUTH_SOCK' sudo: ldap sudoOption: 'env_keep+=SVN_SSH' sudo: ldap sudoOption: 'env_reset' sudo: ldap sudoOption: 'ignore_local_sudoers' sudo: ldap search '(|(sudoUser=raub)(sudoUser=%raub)(sudoUser=%chinbeards)(sudoUser=ALL))' sudo: ldap search 'sudoUser=+*' sudo: found:cn=defaults,ou=SUDOers,dc=domain,dc=com sudo: ldap sudoUser netgroup '+chinbeards' ... MATCH! sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoCommand 'ALL...

...ap sudoOption: 'syslog_goodpri=alert' sudo: ldap sudoOption: '!env_reset' sudo: ldap sudoOption: 'log_year' sudo: ldap sudoOption: 'log_host' sudo: ldap sudoOption: 'insults' sudo: ldap sudoOption: 'logfile=/var/log/sudo.log' sudo: ldap search '(|(sudoUser=test)(sudoUser=%Domain Users)(sudoUser=%ghba8)(sudoUser=%unix)(sudoUser=%CERTSVC_DCOM_ACCESS)(sudoUser=ALL))' sudo: found:CN=ghba8,OU=SUDOers,DC=peps,DC=local <-- here we can see that the user has been found into the sec. group ghba8 <-- here below there are the matching sudo auth...

...============================== dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: root sudoUser: root sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL sudoOption: !authenticate dn: cn=%summitnjops,ou=sudoers,ou=Se...

...i add it to samba? The following example allows users in group wheel to run any command on any host via sudo, dc=example,dc=com will be changed to refer to my domain. $ cat sudo_user dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL ldbadd -H /etc/samba/private/sam.ldb sudo_user \ --option="dsdb:schema update allowed"=true and how do i index the 'sudoUser' attribute? all corrections welcome. Shadrock

...dovecot.org> wrote: ... >> Is there anyway for dsync to avoid moving Gigabytes of data for could >> just be "moved" by moving the mount? > > > Not tested but you can probably do something like this in the target server: > > doveadm backup -u victim -R ssh sudouser at old-server "sudo doveadm dsync-server -o mail_location=sdbox:/location-to-your-sdbox/ -u victim" > > just leave ALT storage path from the setting. I'll have to test this... but my initial guess would be that doveadm would then think the mails has disappeared. Would it th...

...=teemu,DC=local objectClass: top objectClass: sudoRole cn: reima instanceType: 4 whenCreated: 20140625194650.0Z whenChanged: 20140625194650.0Z uSNCreated: 3799 uSNChanged: 3799 name: reima objectGUID:: U1paZdVOSke2zmInSenFTg== objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=teemu,DC=local sudoUser: reima sudoHost: ALL sudoCommand: ALL distinguishedName: CN=reima,OU=SUDOers,DC=teemu,DC=local # SUDOers, teemu.local dn: OU=SUDOers,DC=teemu,DC=local objectClass: top objectClass: organizationalUnit ou: SUDOers instanceType: 4 whenCreated: 20140625194301.0Z whenChanged: 20140625194301.0Z uSNCre...

...=teemu,DC=local objectClass: top objectClass: sudoRole cn: reima instanceType: 4 whenCreated: 20140625194650.0Z whenChanged: 20140625194650.0Z uSNCreated: 3799 uSNChanged: 3799 name: reima objectGUID:: U1paZdVOSke2zmInSenFTg== objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=teemu,DC=local sudoUser: reima sudoHost: ALL sudoCommand: ALL distinguishedName: CN=reima,OU=SUDOers,DC=teemu,DC=local # SUDOers, teemu.local dn: OU=SUDOers,DC=teemu,DC=local objectClass: top objectClass: organizationalUnit ou: SUDOers instanceType: 4 whenCreated: 20140625194301.0Z whenChanged: 20140625194301.0Z uSNCre...

Hi! I'm currently running an small imap-server on Dovecot 2.2.4 but will retire that server. I've set up an new server with Dovecot 2.3.4 and will migrate the mailboxes (maildir-format) from the old to the new server. I'm planning to restructure the accounts a bit when migrating so I need to move them one by one. Its only a few so thats not a big issue. Both servers are using

...nd if it should be run as user vmail or root. >> >> Would be greatful for any tips, hints, links or similiar. > > > Once you have the new server set up, you can use dsync over ssh to sync the mailboxes with something like: > > doveadm backup -u user at newserver -R ssh sudouser at oldserver sudo /usr/bin/doveadm dsync-server -u user at oldserver > > needs to be run as root on new server. Also ssh access with keys and without password is recommended. I used to run `doveadm backup` on the new server with glusterfs and at the middle of the sync the glusterfs is gon...

Hi, I was wondering... If one had mdbox ALT path set to a shared storage mount (say, on NFS) and one wanted to move a mailbox to a different host... I guess it in principle wouldn't be necessary to copy all the ALT storage through dsync, when the volume could just be mounted on the new host. Is there anyway for dsync to avoid moving Gigabytes of data for could just be "moved" by

...pd[450]: <= bdb_equality_candidates: (sambaSID) not indexed Oct 6 10:04:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaDomainName) not indexed Oct 6 10:05:58 ld...

...t task and if it should be run as user vmail or root. >> >> Would be greatful for any tips, hints, links or similiar. > > Once you have the new server set up, you can use dsync over ssh to sync the mailboxes with something like: > > doveadm backup -u user at newserver -R ssh sudouser at oldserver sudo /usr/bin/doveadm dsync-server -u user at oldserver > > needs to be run as root on new server. Also ssh access with keys and without password is recommended. > > Sami > >

...DOMAIN\groupname…  just groupname to >> show.   I don’t remember why this was causing me problems… just that >> this was the main reason. > > You mean something like this: > > getent group Domain\ Users > domain > users:x:10000:testuser,user27,saducuser,testuser2,sudouser,user26,swanadmin,ktestuser,testuser1,example$,kte..... > > > If it didn't work for you, then your smb.conf was mis-configured. > >> >> At the time, I found that the documentation for integrating AD with >> Linux was best documented… in particular at RedHat:...

Hello Rowland, We’ve been using SSSD with Acitve Directory for a few years now… It’s been solid for us. Our Linux clients use the AD-Kerberos via SSSD for secure NFS4 mounts with POSIX attributes defined in AD (uidNumber, gidNumber, unixHomeDirectory, loginShell). Before putting into production, I tested using Winbind and could not get it to do what I wanted. If I remember correctly, I had

...at I need to perform that task and if it should be run as user vmail or root. > > Would be greatful for any tips, hints, links or similiar. Once you have the new server set up, you can use dsync over ssh to sync the mailboxes with something like: doveadm backup -u user at newserver -R ssh sudouser at oldserver sudo /usr/bin/doveadm dsync-server -u user at oldserver needs to be run as root on new server. Also ssh access with keys and without password is recommended. Sami

...user vmail or root. >>> >>> Would be greatful for any tips, hints, links or similiar. >> >> Once you have the new server set up, you can use dsync over ssh to >> sync the mailboxes with something like: >> >> doveadm backup -u user at newserver -R ssh sudouser at oldserver sudo >> /usr/bin/doveadm dsync-server -u user at oldserver >> >> needs to be run as root on new server. Also ssh access with keys and >> without password is recommended. >> >> Sami >> >>

...when the volume could just be mounted on the new host. > > Is there anyway for dsync to avoid moving Gigabytes of data for could > just be "moved" by moving the mount? Not tested but you can probably do something like this in the target server: doveadm backup -u victim -R ssh sudouser at old-server "sudo doveadm dsync-server -o mail_location=sdbox:/location-to-your-sdbox/ -u victim" just leave ALT storage path from the setting. Sami

...>>> Is there anyway for dsync to avoid moving Gigabytes of data for could >>> just be "moved" by moving the mount? >> >> >> Not tested but you can probably do something like this in the target server: >> >> doveadm backup -u victim -R ssh sudouser at old-server "sudo doveadm dsync-server -o mail_location=sdbox:/location-to-your-sdbox/ -u victim" >> >> just leave ALT storage path from the setting. > > > I'll have to test this... but my initial guess would be that doveadm > would then think the mails...

...r vmail or root. >>> >>> Would be greatful for any tips, hints, links or similiar. >> >> >> Once you have the new server set up, you can use dsync over ssh to sync the mailboxes with something like: >> >> doveadm backup -u user at newserver -R ssh sudouser at oldserver sudo /usr/bin/doveadm dsync-server -u user at oldserver >> >> needs to be run as root on new server. Also ssh access with keys and without password is recommended. > > I used to run `doveadm backup` on the new server with glusterfs and at the > middle of the sy...