[Samba] Samba DC and alternate sudo login

Greg Sloop <gregs@sloop.net> gregs at sloop.net
Tue May 14 16:23:48 UTC 2024 

Wow. Cool.
Learn something new every day! :)
I'll try that!
Thanks so much.

On Tue, May 14, 2024 at 8:51 AM Kees van Vloten via samba <
samba at lists.samba.org> wrote:

>
> On 14-05-2024 15:11, Gregory Sloop via samba wrote:
> >
> >> On Mon, 13 May 2024 17:10:20 -0700
> >> Gregory Sloop via samba <samba at lists.samba.org> wrote:
> >>> I feel like this should be super easy, and that I must be doing
> >>> something dumb, but I need to create another sudo user for the VM's
> >>> the DC's are running on.
> >>> I've created a "domain admin" equivalent user in AD - and perhaps
> >>> this account can be used. I also attempted to create a local user and
> >>> add them to the local sudo group, but that didn't seem to work.
> >>> But I don't *need* an AD account. I can simply create a local user on
> >>> each DC for sudo use, but I'll need a way that works. (When I attempt
> >>> to create the local user, it prompts for the password, and then an NT
> >>> password. And when I try to SSH/login to that local account, it
> >>> fails.)
> >> It shouldn't ask you for an NT password, how are you creating the
> >> 'local' user ?
> > As root I use;
> > adduser
> >
> >
> > I tried it again as a test.
> > In the add-user process, I get a prompt for the "Current Kerberos
> password:" (I didn't pay a lot of attention the first time, when it asked
> for an NT password - so I'm not sure where that came up.)
> >
> > If I give it null passwords (just hit enter), I get
> > passwd: Authentication token manipulation error
> > passwd: password unchanged
> I would suspect you pam is configured to use winbind as well...
> >
> > So, I'm a little puzzled.
> if you install libuser (apt-get install libuser) you get a set of tools
> that will always and only operate on local accounts, e.g. commands like
> this:
>
> lchsh, lchfn, lid, lnewusers, lgroupadd, luseradd, lgroupdel, luserdel,
> lusermod, lgroupmod, lchage, lpasswd
>
> - Kees.
>
>
> >
> > -Greg
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list