sudo plugin for winbind.
Phil Lello
phil at dunlop-lello.uk
Thu Jul 23 19:36:18 UTC 2015
I was slightly misconfigured; resolved by adding the following to smb.conf:
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
However, the question remainds, would a sudo plugin be of use/interest? I
envisage some form of GPO / host group settings.
Phil
On Thu, Jul 23, 2015 at 8:29 PM, Phil Lello <phil at dunlop-lello.uk> wrote:
> Just a quick heads up, I'm looking into writing a sudo plugin for winbind
> to allow sudo access for linux logins authenticated by pam_winbind. Has
> anyone looked at this before, or is anyone actively working on this?
>
> Standard sudo doesn't seem to work for pam_winbind accounts (failing with
> "not in sudoers"), but even if it did, a more targetted AD/Samba solution
> would be a useful option.
>
> Just in case someone can shout out that I've misconfigured my system so
> should feel less motivated, part of the oddity I'm seeing is:
>
> DUNLOP-LELLO\phil at inferno:~$ id phil
> uid=3000020(DUNLOP-LELLO\phil) gid=100(users)
> groups=100(users),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(libvirtd),114(lpadmin),115(sambashare)
> DUNLOP-LELLO\phil at inferno:~$ id
> uid=3000020(DUNLOP-LELLO\phil) gid=100(users) groups=100(users),27(sudo)
>
> Phil
>
More information about the samba-technical
mailing list