similar to: Adding an AD group to /etc/sudoers?

wbinfo -r username shows the gid of it and a bunch of -1's id guess for groups without gid's my user belongs to 155 groups is there a problem with that many groups? On Tue, Dec 8, 2015 at 2:12 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > "id" alone does not show my user in the it group > "id username" does > why would id alone give different

Jeff, To find out maximum number of groups allowed per user run: cat /proc/sys/kernel/ngroups_max or sysctl kernel.ngroups_max but AFAIK AUTH_SYS has a limit of 16, so I would try to either create a test account, add it to the "it" group and test it with sudo, or trim your account membership to 16 or less groups. Regards, Matt ________________________________ From: Jeff Sadowski

"id" alone does not show my user in the it group "id username" does why would id alone give different results? which is odd because as my username I can get into a folder that has 0760 permissions with user as root and it as the group as for %it ALL=(ALL) ALL instead of: %it ALL=(ALL:ALL) ALL seems to work the same On Tue, Dec 8, 2015 at 1:29 PM, Mattias Zhabinskiy <

Jeff, After ssh try to run: newgrp it and then sudo. See if it will work, then you'll have to figure out what's going on with the users groups membership. Regards, Matt ________________________________ From: Jeff Sadowski <jeff.sadowski at gmail.com> Sent: Wednesday, December 9, 2015 10:08 AM To: Mattias Zhabinskiy; samba Subject: Re: [Samba] Adding an AD group to

# id username|sed "s/,/\n/g"|wc -l 155 # id|sed "s/,/\n/g"|wc -l 28 On Tue, Dec 8, 2015 at 2:56 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > wbinfo -r username > shows the gid of it > and a bunch of -1's id guess for groups without gid's > my user belongs to 155 groups is there a problem with that many groups? > > On Tue, Dec 8,

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05

You either have to list the full group name in sudoers IE: DOMIN\groupname or use the option "winbind use default domain = yes" for one thing. I'm not sure if you need enumeration but I like seeing domain users and groups with getent so I have the options winbind enum users = yes winbind enum groups = yes On Mon, May 2, 2016 at 6:11 AM, Sketch <smblist at rednsx.org> wrote:

Hi, I have a DC on samba 4.17.12 I want store sudoers in LDAP, and use sssd for get rules from LDAP. I was configured sssd.conf [sssd] config_file_version = 2 services = nss, pam, sudo user = _sssd domains = TEST.ALT [nss] [sudo] [pam] [domain/TEST.TLD] dyndns_update = true id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad default_shell = /bin/bash

On Fri, 24 Nov 2023 13:30:13 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote: > Hi, > > I have a DC on samba 4.17.12 > > I want store sudoers in LDAP, and use sssd for get rules from LDAP. > > I was configured sssd.conf > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > user = _sssd > domains = TEST.ALT > >

Hi all, I think this has been asked in one form or another, but my problem so far is i''m not sure of the terminology or nomenclature to use in my search string to find out my answer... So, here is my question.. I have lots of systems/instances, like most of us, and like most of they are spread across different tiers and environments. ie. dev/stg/prod i''ve setup my puppet

24.11.2023 14:57, Rowland Penny via samba ?????: > On Fri, 24 Nov 2023 13:30:13 +0500 > Anton Shevtsov via samba<samba at lists.samba.org> wrote: > >> Hi, >> >> I have a DC on samba 4.17.12 >> >> I want store sudoers in LDAP, and use sssd for get rules from LDAP. >> >> I was configured sssd.conf >> >> [sssd] >>

Hello Everyone, I am trying to change our /etc/sudoers (using visudo) to allow 2 commands to be run as root without a password, but it isn't working. Here is the part of the sudoers file that is in question. # User alias specification User_Alias FULLACCESS = doug, scott # members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD:

I followed the setup instructions from http://www.owlriver.com/tips/non-root/ (link from the Centos wiki). All this is done on another 'clean' system, so I have to read the terminal screen there and tell what went wrong here. I then followed my colleague's instructions to get the tar, untar, autogen, configure, and finally make rpm. Well it was that make rpm command that finally

Hi all, I am planning to edit sudoers files in /etc. when i open this wiht vim command and change some thing it said "this file is read only" Is this okay to change the status of sudoers files. or any implication? please point Regards, Vijay Shanker Dubey Ph: +91-9818311884 -------------- next part -------------- An HTML attachment was scrubbed... URL:

On Tue, 13 Mar 2018 16:05:53 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > On Tue, 13 Mar 2018 15:57:35 -0600 > > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > > > >> On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba >

Hi guys and congrats for bringing a fantastic project to the open source world. I' ve setup a samba4 pdc succefully and i am able to do domain logins. I was also able to add the automount schema into the ldb. But when it comes to sudoers schema i cant import it in. Further system details: Debian wheezy 7, samba 4.0.6 compiled from source, sudo-ldap standard binary package from repos. I have

My experience with RHEL and CentOS is quite limited, andwould classify me as novice.? I have been running CentOS 6for a little over a year and recently brought up a CentOS 7system as a virtual machine under Windows 7. One of the first things I usually do after installation isedit the /etc/sudoers file using visudo to give a specificuser or specific users privileges as indicated in the fileexcerpt

On Tue, 13 Mar 2018 15:57:35 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > On Tue, 13 Mar 2018 12:13:32 -0600 > > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > > > >> My smb.conf file looks like so > >> >

Hi, I was previously using an EC2 AMI where i was logging as root, and i could bootstrap nodes. I am now using Amazon AMIs ( http://aws.amazon.com/fr/amazon-linux-ami ) and they require login as ec2-user. The problem is that if i run puppet node bootstrap --login ec2-user, it will detect it and run my install script as with sudo, which is fine, but sudo will not run it because it is configured by