[Samba] howto install sudo schema
rowlandpenny at googlemail.com
Thu Aug 14 02:17:41 MDT 2014
On 14/08/14 01:07, shadrock uhuru wrote:
> i have modified the schema by deleting the
> changetype: modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> and i have moved the "dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X"
> section to a separate ldif file.
> my domain is tissisat.co.uk,
> should i change all references to DC from DC=X to
> DC=tissisat,DC=co,DC=uk ?
Possibly, if unsure run this command on the samba4 AD DC:
ldbsearch -H ldap://localhost -s base -b "" defaultNamingContext | grep
'defaultNamingContext:' | sed 's|defaultNamingContext: ||'
The result is what you need to replace 'DC=X'
>> I use sssd to get the sudo rules from AD and do not index the sudoUser
>> attribute, in fact, thinking about it, I don't index anything ;-)
>> What I had to do was alter the 'nTSecurityDescriptor' attribute on
>> 'CN=SUDOers', to allow Domain Computers to access the rules
> not sure what you mean but i assume your referring to
> $ cat sudo_user
> dn: cn=%wheel,ou=SUDOers, DC=tissisat,DC=co,DC=uk
> objectClass: top
> objectClass: sudoRole
> cn: %wheel
> sudoUser: %wheel
> sudoHost: ALL
> sudoCommand: ALL
> specifically cn=%wheel and sudoUser: %wheel
More information about the samba