[Samba] Samba DC and alternate sudo login

Kees van Vloten keesvanvloten at gmail.com
Tue May 14 15:49:45 UTC 2024


On 14-05-2024 15:11, Gregory Sloop via samba wrote:
>
>> On Mon, 13 May 2024 17:10:20 -0700
>> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>>> I feel like this should be super easy, and that I must be doing
>>> something dumb, but I need to create another sudo user for the VM's
>>> the DC's are running on.
>>> I've created a "domain admin" equivalent user in AD - and perhaps
>>> this account can be used. I also attempted to create a local user and
>>> add them to the local sudo group, but that didn't seem to work.
>>> But I don't *need* an AD account. I can simply create a local user on
>>> each DC for sudo use, but I'll need a way that works. (When I attempt
>>> to create the local user, it prompts for the password, and then an NT
>>> password. And when I try to SSH/login to that local account, it
>>> fails.)
>> It shouldn't ask you for an NT password, how are you creating the
>> 'local' user ?
> As root I use;
> adduser
>
>   
> I tried it again as a test.
> In the add-user process, I get a prompt for the "Current Kerberos password:" (I didn't pay a lot of attention the first time, when it asked for an NT password - so I'm not sure where that came up.)
>   
> If I give it null passwords (just hit enter), I get
> passwd: Authentication token manipulation error
> passwd: password unchanged
I would suspect your PAM is configured to use winbind as well...
>   
> So, I'm a little puzzled.
If you install libuser (apt-get install libuser) you get a set of tools 
that will always and only operate on local accounts, e.g. commands like 
this:

lchsh, lchfn, lid, lnewusers, lgroupadd, luseradd, lgroupdel, luserdel, 
lusermod, lgroupmod, lchage, lpasswd

- Kees.


>   
> -Greg
>   
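
A quick way to check the suspicion above, as an added example that is not part of the original thread: it lists the modules in a PAM password stack that send password changes to a directory service rather than to the local files. It assumes the Debian-style path /etc/pam.d/common-password; the function names, the module list and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find directory-service modules in
# a PAM "password" stack, which is the stack passwd/adduser go through.

# network_password_modules FILE
# Prints each non-local module named on a "password" line, one per line.
# Returns 0 if at least one was found, 1 if the stack is local-only.
# The module list below is an assumption; extend it for your site.
network_password_modules() {
    awk '
        {
            type = $1
            sub(/^-/, "", type)              # PAM allows a "-" prefix on the type
            if (type != "password") next     # also skips comment and blank lines
            for (i = 2; i <= NF; i++) {
                mod = $i
                sub(/.*\//, "", mod)         # accept full paths to the module
                if (mod ~ /^pam_(winbind|krb5|sss|ldap)\.so$/) {
                    print mod
                    found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# write_sample FILE
# Writes a constructed password stack in which Kerberos and winbind are
# tried alongside pam_unix, similar to what a domain-joined host may have.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
password  [success=3 default=ignore]  pam_krb5.so minimum_uid=1000
password  [success=2 default=ignore]  pam_unix.so obscure use_authtok try_first_pass yescrypt
password  [success=1 default=ignore]  pam_winbind.so try_authtok try_first_pass
password  requisite                   pam_deny.so
EOF
}

# Stand-alone use: sh check.sh /etc/pam.d/common-password
if [ "$#" -gt 0 ]; then
    network_password_modules "$1" || echo "password stack is local-only"
fi
```

If this prints any module for the host's own file, a plain passwd or adduser run can end up prompting for domain credentials, and the libuser tools named above are the way to stay on the local files.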


