[Samba] howto install sudo schema
shadrock uhuru
niyalevi at gmail.com
Sat Aug 16 21:46:12 MDT 2014
Hi all,
I have added the sudo attribute LDIF and sudo class LDIF files without
errors.
The following has also been added without errors:
dn: cn=%wheel_rule,ou=SUDOers,DC=tissisat,DC=co,DC=uk
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoUser: %wheel
sudoHost: ALL
sudoCommand: ALL
Using the info here
https://www.mail-archive.com/sssd-users@lists.fedorahosted.org/msg01792.html
I tried to set the ACL, which gave me these errors:
$ sudo samba-tool dsacl set -H /etc/samba/private/sam.ldb --objectdn="OU=SUDOers,dc=tissisat,dc=co,dc=uk " --sddl="(A;CI;RPLCRC;;;DC)"
ERROR(ldb): uncaught exception - NULL Base DN invalid for a base search
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dsacl.py", line 163, in run
    sid = self.find_trustee_sid(samdb, trusteedn)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dsacl.py", line 88, in find_trustee_sid
    scope=SCOPE_BASE)
$ sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b dc=tissisat,dc=co,dc=uk '(&(objectClass=organizationalUnit)(ou=sudoers))' nTSecurityDescriptor
no matching records - cannot edit
-----------------------------
Could you detail the ldbsearch commands to list the attribute and class
details, to check that the records have been added correctly?
What is the right Base DN to set the ACL?
Shadrock