[Samba] howto install sudo schema

Rowland Penny rowlandpenny at googlemail.com
Thu Aug 21 13:44:21 MDT 2014


On 21/08/14 19:57, shadrock uhuru wrote:
> Hi all
>
>> OK, if I replace the path to sam.ldb & the rootdse (the dc= part) on
>> the ldbedit command it works, so something is going wrong on your
>> system, so:
>>
>> What OS
>> What version samba4
>> compiled or distro package
>> what version ldbtools
>>
>> You need --kerberos to actually change anything, searching is different.
>>
>> Rowland
>
> $ uname -a
> Linux ashanti 3.15.5-2-ARCH #1 SMP PREEMPT Fri Jul 11 07:55:51 CEST 2014
> i686 GNU/Linux
This is not your OS, it is your kernel! I think it could be a version of
Arch Linux but not sure.

> $ samba -V
> Version 4.1.9
> $ ldbedit -V
> Version 4.1.9
> $ ldbsearch -V
> Version 4.1.9
> $ samba-tool -V
> 4.1.9
>
> Samba was installed from a package with the standard command of
> #pacman -S samba.
>
> I tried
> $ sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b OU=SUDOers,dc=tissisat,dc=co,dc=uk
> this brought up the editor with this to edit
>
> # editing 1 records
> # record 1
> dn: cn=%wheel,ou=SUDOers,DC=tissisat,DC=co,DC=uk
> cn: %wheel
> objectClass: top
> objectClass: sudoRole
> sudoCommand: ALL
> sudoHost: ALL
> sudoUser: %wheel
> distinguishedName: cn=%wheel,ou=SUDOers,DC=tissisat,DC=co,DC=uk
>
> I then tried this
> $ sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b OU=SUDOers,dc=tissisat,dc=co,dc=uk -s sub "(&(objectClass=organizationalUnit)(objectCategory=organizationalUnit))"
> no matching records - cannot edit
>
> Shadrock
Right, let's find out if you can see the OU:

sudo ldbedit -e nano -H /etc/samba/private/sam.ldb ou=SUDOers

This should display the entire OU (except the nTSecurityDescriptor 
attribute)

If it does, try this:

sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b OU=SUDOers,dc=tissisat,dc=co,dc=uk -s sub "(objectClass=organizationalUnit)" nTSecurityDescriptor

This should display the nTSecurityDescriptor attribute.

Just one last thought, you are running kinit as root, aren't you?

Rowland


