similar to: Samba 4 sudoers

On Thu, 2016-04-21 at 15:40 +1000, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes > I'll > make them available to whoever might want them. Just to clarify > things a > bit, here is what we have and what we wanted: > > * Linux users are authenticated by the Samba 4 domain controllers via > SSSD, which itself uses LDAP. >

On Thu, 21 Apr 2016, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes I'll make > them available to whoever might want them. Good to hear. I tried to get his working by following some of the online docs and the sudoers docs, and never did get it to work. It'd be great if someone could put this up on the Samba wiki when it's

Hi, I have a DC on samba 4.17.12 I want store sudoers in LDAP, and use sssd for get rules from LDAP. I was configured sssd.conf [sssd] config_file_version = 2 services = nss, pam, sudo user = _sssd domains = TEST.ALT [nss] [sudo] [pam] [domain/TEST.TLD] dyndns_update = true id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad default_shell = /bin/bash

On Mon, 2016-05-02 at 07:44 +1000, John Gardeniers wrote: > Hi Andrew, > > Please elaborate, as we're about to put it on Samba 4.2. Thanks. Please don't use 4.2 with the sudo schema. At a client, we have seen that cause database corruption when combined with multiple DCs, specifically duplicate values in the database that sssd really didn't like. It will also require you

On Fri, 24 Nov 2023 13:30:13 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote: > Hi, > > I have a DC on samba 4.17.12 > > I want store sudoers in LDAP, and use sssd for get rules from LDAP. > > I was configured sssd.conf > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > user = _sssd > domains = TEST.ALT > >

24.11.2023 14:57, Rowland Penny via samba ?????: > On Fri, 24 Nov 2023 13:30:13 +0500 > Anton Shevtsov via samba<samba at lists.samba.org> wrote: > >> Hi, >> >> I have a DC on samba 4.17.12 >> >> I want store sudoers in LDAP, and use sssd for get rules from LDAP. >> >> I was configured sssd.conf >> >> [sssd] >>

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

I'm setting up a test domain in order to try out Sudoers LDAP and have run into a problem that has my puzzled. On our production domain I can run a query such as: ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba

Good news, I now have this working. Once I finish writing my notes I'll make them available to whoever might want them. Just to clarify things a bit, here is what we have and what we wanted: * Linux users are authenticated by the Samba 4 domain controllers via SSSD, which itself uses LDAP. * As we are a development house, we have a rather complex set of users/groups/permissions on the

Hi Rowland, Those low numbers you refer to are in fact the standard numbers assigned to those groups, so I fail to see the problem. As for mapping Administrator to root, I believe that's entirely optional, rather than required. Under normal circumstances we don't use the domain Administrator account at all. We have a root account we use instead. In regard to winbind, we have never

Hi Rowland, You say that winbind can do anything that sssd can, yet I've not been able to find winbind instructions similar to these for sssd: http://jhrozek.livejournal.com/3860.html Do you know of such instructions? More particularly, do you know how with winbind we can lock sudoers down to specific OUs? We need to do a lot more than basic authentication and simple file sharing. From

You either have to list the full group name in sudoers IE: DOMIN\groupname or use the option "winbind use default domain = yes" for one thing. I'm not sure if you need enumeration but I like seeing domain users and groups with getent so I have the options winbind enum users = yes winbind enum groups = yes On Mon, May 2, 2016 at 6:11 AM, Sketch <smblist at rednsx.org> wrote:

Hi Andrew, Please elaborate, as we're about to put it on Samba 4.2. Thanks. regards, John On 30/04/16 18:12, Andrew Bartlett wrote: > On Thu, 2016-04-21 at 15:40 +1000, John Gardeniers wrote: >> Good news, I now have this working. Once I finish writing my notes >> I'll >> make them available to whoever might want them. Just to clarify >> things a >>

Hi Andrew, I don't understand why 2 systems running the exact same version of Samba have different behaviour. Is this an option I can disable? regards, John On 19/04/16 11:29, Andrew Bartlett wrote: > On Tue, 2016-04-19 at 10:29 +1000, John Gardeniers wrote: >> I'm setting up a test domain in order to try out Sudoers LDAP and >> have >> run into a problem that has

Am Sa., 6. Apr. 2019 um 18:01 Uhr schrieb Rowland Penny via samba < samba at lists.samba.org>: > On Sat, 6 Apr 2019 17:21:26 +0200 > Martin Krämer <mk.maddin at gmail.com> wrote: > > > Hello Rowland, > > > > thanks for your help. > > Below my comments > > > > See here: > > > > > > http://apt.van-belle.nl/ > > >

Hi, I have a problem to list/access share from Windows client to share hosted on samba domain member server. I followed the instruction from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member step by step but I used sssd instead of winbind for the authentication method. The Linux samba server is an Ubuntu server 16.04 and I successfully added this samba server to a awindows

Hi, I'm having hard time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit

Hi, Basically, you just need to get your users available on your system. (either via winbind, or sssd) Once they are available, you can add them to sudoers just like 'normal' users. (because that's basically what they have become then) Works for us. MJ On 04/20/2016 06:18 AM, John Gardeniers wrote: > Has anyone here managed to get sudo working with Samba 4 AD users, using >

Hi, I've never been a Windows user, but I'm curious to see how the AD integration works in Linux, since it looks like we may need to have one or two Windows desktops and I don't realy want to start setting up Windows infrastructure. If I can have Samba as a domain controller that makes things a lot simpler. I have one question tho, the documentation suggests using the Microsoft

On 04/11/15 22:02, John Gardeniers wrote: > Thanks Marc, > > That's a nice unambiguous answer, so I'll stop looking. > > I really doubt I'll be doing any coding on Samba, so it's kind of > unlikely I'll be supplying a patch. If I did create a patch it would > be to return to BIND flat files, so that the DNS can be made fully > functional again. >