search for: unixadmins

...ld be grateful if you could share your thoughts. >> >> /Davor >> > > How about this: > > ssh into the DC, either as root or as a user that can use sudo (you > can use kerberos, but I am not going into that here) > > Create the group: > samba-tool group add unixadmins --gid-number=GID_NUMBER > --nis-domain=NIS_DOMAIN > > Add the group to Administrators: > samba-tool group addmembers Administrators unixadmins > > Add the required users to unixadmins, they should get the same rights > as if they were directly members of Administrators. >...

Howdy folks, I'm having an issue with sudo not recognizing nested groups via AD and winbind. I have an AD group called UnixAdmins and when I ad and AD account *directly* into this group, I am able to use sudo just fine as it is in the sudoers. *but* say I have a nested group in UnixAdmins like CustomerUsers or whatnot it won't recognize. Now, I also restrict access via pam.d systems-auth to UnixAdmins, so I know that part...

...gt;>>> >>>> >>> How about this: >>> >>> ssh into the DC, either as root or as a user that can use sudo (you can >>> use kerberos, but I am not going into that here) >>> >>> Create the group: >>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>> --nis-domain=NIS_DOMAIN >>> >>> Add the group to Administrators: >>> samba-tool group addmembers Administrators unixadmins >>> >>> Add the required users to unixadmins, they should get the same rights as >>>...

.... >>> >>> /Davor >>> >>> >> How about this: >> >> ssh into the DC, either as root or as a user that can use sudo (you can >> use kerberos, but I am not going into that here) >> >> Create the group: >> samba-tool group add unixadmins --gid-number=GID_NUMBER >> --nis-domain=NIS_DOMAIN >> >> Add the group to Administrators: >> samba-tool group addmembers Administrators unixadmins >> >> Add the required users to unixadmins, they should get the same rights as >> if they were directly member...

...>>> >>>>> ssh into the DC, either as root or as a user that can use sudo >>>>> (you can >>>>> use kerberos, but I am not going into that here) >>>>> >>>>> Create the group: >>>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>>> --nis-domain=NIS_DOMAIN >>>>> >>>>> Add the group to Administrators: >>>>> samba-tool group addmembers Administrators unixadmins >>>>> >>>>> Add the required users to unixadmins,...

...gt; How about this: >>>> >>>> ssh into the DC, either as root or as a user that can use sudo (you >>>> can >>>> use kerberos, but I am not going into that here) >>>> >>>> Create the group: >>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>> --nis-domain=NIS_DOMAIN >>>> >>>> Add the group to Administrators: >>>> samba-tool group addmembers Administrators unixadmins >>>> >>>> Add the required users to unixadmins, they should get the same...

On 2015-10-29 09:52, Rowland Penny wrote: > On 29/10/15 08:34, Davor Vusir wrote: >> Hi all! >> >> We have got many delegations in our AD. To add a certain >> administrator group to the local Administrators group you can use GPO >> for Windowsservers. As Samba does not understand GPO I have initially >> used the "username map" feature to add a

...;>>> ssh into the DC, either as root or as a user that can use sudo >>>>>> (you can >>>>>> use kerberos, but I am not going into that here) >>>>>> >>>>>> Create the group: >>>>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>>>> --nis-domain=NIS_DOMAIN >>>>>> >>>>>> Add the group to Administrators: >>>>>> samba-tool group addmembers Administrators unixadmins >>>>>> >>>>>> Add the requir...

...t way than what I have described. > > I would be grateful if you could share your thoughts. > > /Davor > How about this: ssh into the DC, either as root or as a user that can use sudo (you can use kerberos, but I am not going into that here) Create the group: samba-tool group add unixadmins --gid-number=GID_NUMBER --nis-domain=NIS_DOMAIN Add the group to Administrators: samba-tool group addmembers Administrators unixadmins Add the required users to unixadmins, they should get the same rights as if they were directly members of Administrators. samba-tool group addmembers unixadmins...

...managehome => true, } @ssh_authorized_key { "seph-2008": ensure => present, key => "...", type => "ssh-dss", name => "seph@macbook-2008", user => seph, } } class user::unixadmins inherits user::virtual { realize( User["seph"], ssh_authorized_key["seph-2008"], ) } node test { include user::unixadmins } I correctly get the user seph, but not the ssh authorized key. If I switch to a real ssh_authorized_key by removing the @,...

...?H1", uid => "8050", comment => "Lucy Moore", gid => "100", home => "/home/lmoore", ensure => "present", shell => "/usr/bin/bash", managehome => true, } } # unixadmins.pp # # Realize the members of the Unix team and include any contractors class virtual_users::unixadmins inherits virtual_users::virtual { # Realize our team members realize( Group["users"], ) realize( User["lmoore"], ) } #init.pp #virtual...

...tting_up_a_Share_Using_POSIX_ACLs > > > # chmod 700 /u01/test > # chown root:root /u01/test > # setfacl -m group::--- /u01/test > # setfacl -m default:group::--- /u01/test > # setfacl -m other::--- /u01/test > # setfacl -m default:other::--- /u01/test > # setfacl -m group:unixadmins:rwx /u01/test > # setfacl -m default:group:unixadmins:rwx /u01/test > > > smb.conf > >  [test] >   comment = test >   path = /u01/test >   read only = No >   inherit acls = yes > > > Dale

I noticed this today, I had a user outside of our department test out dovecot. They were using squirrelmail and I noticed that dovecot thinks this user is subscribed to ALL public folders even though a dovecot ACL prevents all access. I'm pretty sure access is still denied. I was able to reproduce this with a guest account I added: l lsub "" "#shared/decs/%" * LSUB

I was trying to debug this with gdb, but I'm not sure how to make env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap understand the #shared/decs namespace from below so I can SELECT it. I have a number of maildirs under #ahared/decs, I tried opening at least 2 of them but dovecot gives sig 11 without a direct error about the problem. I don't think this was exactly the

Hi Vincent, have you found a solution that makes "force directory mode = 2770" able to apply to new created folders ? I have a similar problem: if I set by hand (eg. chmod 2770) the folder A and then I try to create an X element into that folder through samba I get the result needed ( group of X become overriden from parent folder A ) but the problem is that the new element X not

...t;> >> >> # chmod 700 /u01/test >> # chown root:root /u01/test >> # setfacl -m group::--- /u01/test >> # setfacl -m default:group::--- /u01/test >> # setfacl -m other::--- /u01/test >> # setfacl -m default:other::--- /u01/test >> # setfacl -m group:unixadmins:rwx /u01/test >> # setfacl -m default:group:unixadmins:rwx /u01/test >> >> >> smb.conf >> >>  [test] >>   comment = test >>   path = /u01/test >>   read only = No >>   inherit acls = yes >> >> >> Dale >

ACL plugin still disabled. The folders listed below definitely do have Children. telnet session problem example in 1.1b4: * OK Dovecot ready. ? login mcdouga9 password ? OK Logged in. 9 LIST "" "#shared/decs/%" * LIST (\HasNoChildren) "/" "#shared/decs/support" * LIST (\HasNoChildren) "/" "#shared/decs/receipts" * LIST (\HasNoChildren)

...spec[last()]/host_group/command NOPASSWD: ALL", "set spec[last()]/host_group/command/runas_user ALL", ], } In that example, the command line looked like this: "set spec[last()]/host_group/command ALL", I added NOPASSWD: and it barfs with this message: err: //user::unixadmins/User::Virtual::Sudoer[joe]/Augeas[sudojoe]/ returns: change from need_to_run to 0 failed: Save failed with return code false The problem seems to be the colon '':'' since NOPASSWD:ALL also fails but this doesn''t error: "set spec[last()]/host_group/command NOPASSWD A...

Hi all, I want to use puppet to distribute keys to multiple users. I wanted to do something like we have already: - define a key per real person - define groups containing several keys, people can be in multiple groups - deploy these groups of keys to specific users however it looks like the ssh_authorized_key resource ties a key and a user together so it looks like I fall at the first