similar to: Adding an AD group to /etc/sudoers?

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05

# id username|sed "s/,/\n/g"|wc -l 155 # id|sed "s/,/\n/g"|wc -l 28 On Tue, Dec 8, 2015 at 2:56 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > wbinfo -r username > shows the gid of it > and a bunch of -1's id guess for groups without gid's > my user belongs to 155 groups is there a problem with that many groups? > > On Tue, Dec 8,

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

Jeff, After ssh try to run: newgrp it and then sudo. See if it will work, then you'll have to figure out what's going on with the users groups membership. Regards, Matt ________________________________ From: Jeff Sadowski <jeff.sadowski at gmail.com> Sent: Wednesday, December 9, 2015 10:08 AM To: Mattias Zhabinskiy; samba Subject: Re: [Samba] Adding an AD group to

Jeff, To find out maximum number of groups allowed per user run: cat /proc/sys/kernel/ngroups_max or sysctl kernel.ngroups_max but AFAIK AUTH_SYS has a limit of 16, so I would try to either create a test account, add it to the "it" group and test it with sudo, or trim your account membership to 16 or less groups. Regards, Matt ________________________________ From: Jeff Sadowski

wbinfo -r username shows the gid of it and a bunch of -1's id guess for groups without gid's my user belongs to 155 groups is there a problem with that many groups? On Tue, Dec 8, 2015 at 2:12 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > "id" alone does not show my user in the it group > "id username" does > why would id alone give different

I can't seem to get this working and here is what I have done so far. I am using samba 4.1.6 my /etc/samba/smb.conf looks like so security = ads realm = DOMAIN.LONG workgroup = DOMAIN idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config DOMAIN:backend = ad idmap config DOMAIN:range = 8000-9999999 idmap config DOMAIN:schema_mode = rfc2307

You either have to list the full group name in sudoers IE: DOMIN\groupname or use the option "winbind use default domain = yes" for one thing. I'm not sure if you need enumeration but I like seeing domain users and groups with getent so I have the options winbind enum users = yes winbind enum groups = yes On Mon, May 2, 2016 at 6:11 AM, Sketch <smblist at rednsx.org> wrote:

On 19/12/14 13:22, Rich Webb wrote: > Matt, > > Thanks for the reply. I'm not trying to add the "users" group. I'm > trying to add the "Domain Users" group. That is the reason for the \ in > front of the space. It's translated as a literal. I think I could also > put quotes around it and not have to use the \ and the space. > > The

What's the content of your /etc/nsswitch.conf? Am 19. Dezember 2014 14:22:56 MEZ, schrieb Rich Webb <rwebb at zylatech.com>: >Matt, > >Thanks for the reply. I'm not trying to add the "users" group. I'm >trying to add the "Domain Users" group. That is the reason for the \ >in >front of the space. It's translated as a literal. I think

I just tried that and I got the same error. I think there is some extended acl support that I'm missing somewhere. It's like the setfacl command is not recognizing the AD groups as valid groups. I should also add the following information: This server is built up on CentOS 6.6 Minimal using the Sernet-Samba Enterprise packages. It looks like the binary that is running is

Im did not follow the complete thread, but you can check the following. smb.conf ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 50001-80000 ## map ids from the domain the range may not overlap ! idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-40000 winbind

Hi, I have a DC on samba 4.17.12 I want store sudoers in LDAP, and use sssd for get rules from LDAP. I was configured sssd.conf [sssd] config_file_version = 2 services = nss, pam, sudo user = _sssd domains = TEST.ALT [nss] [sudo] [pam] [domain/TEST.TLD] dyndns_update = true id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad default_shell = /bin/bash

On Fri, 24 Nov 2023 13:30:13 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote: > Hi, > > I have a DC on samba 4.17.12 > > I want store sudoers in LDAP, and use sssd for get rules from LDAP. > > I was configured sssd.conf > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > user = _sssd > domains = TEST.ALT > >

24.11.2023 14:57, Rowland Penny via samba ?????: > On Fri, 24 Nov 2023 13:30:13 +0500 > Anton Shevtsov via samba<samba at lists.samba.org> wrote: > >> Hi, >> >> I have a DC on samba 4.17.12 >> >> I want store sudoers in LDAP, and use sssd for get rules from LDAP. >> >> I was configured sssd.conf >> >> [sssd] >>

On 19/12/14 13:40, Rich Webb wrote: > Running CentOS 6.6 > Using the Sernet Enterprise packages - sernet-samba-ad. > > Just tried: > > getent group "Domain Users" > getent group DOMAIN\\Domain\ Users > > and neither command returned any entries. > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org >

Hi all, I am planning to edit sudoers files in /etc. when i open this wiht vim command and change some thing it said "this file is read only" Is this okay to change the status of sudoers files. or any implication? please point Regards, Vijay Shanker Dubey Ph: +91-9818311884 -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello Everyone, I am trying to change our /etc/sudoers (using visudo) to allow 2 commands to be run as root without a password, but it isn't working. Here is the part of the sudoers file that is in question. # User alias specification User_Alias FULLACCESS = doug, scott # members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD:

Hi guys and congrats for bringing a fantastic project to the open source world. I' ve setup a samba4 pdc succefully and i am able to do domain logins. I was also able to add the automount schema into the ldb. But when it comes to sudoers schema i cant import it in. Further system details: Debian wheezy 7, samba 4.0.6 compiled from source, sudo-ldap standard binary package from repos. I have

My experience with RHEL and CentOS is quite limited, andwould classify me as novice.? I have been running CentOS 6for a little over a year and recently brought up a CentOS 7system as a virtual machine under Windows 7. One of the first things I usually do after installation isedit the /etc/sudoers file using visudo to give a specificuser or specific users privileges as indicated in the fileexcerpt