[Samba] circumvent the proxy user
boomer at brainfood.homelinux.org
Tue Jul 13 01:42:00 MDT 2010
my company wants to integrate all Unix servers into active directory.
For "normal" account management I decided more or less to go down the
To have all information in one place, we also want to put sudoers in the AD.
Now the question is, how can I access the information ?
I don't think, winbind can provide sudoers information.
So, I guess I have to maintain a separate ldap.conf for sudo.
But, how does sudo authenticate to the LDAP server (the user is
authenticated using pam and thus through winbind (unless NOPASSWD is
- The standard answer is: use a proxy user. But I dont like it
- How does winbind authenticate to the LDAP server ? Would it be possible
to do the same with nss_ldap ?
- Somebody suggested to use SASL -> GSS_API -> Kerberos. But how do I
handle non-AD users, or the NOPASSWD case ?
Minds are like parachutes
They only function when open
More information about the samba