[Samba] howto install sudo schema

shadrock uhuru niyalevi at gmail.com
Thu Aug 21 16:12:55 MDT 2014


Hi all
> On 21/08/14 19:57, shadrock uhuru wrote:
> > Hi all
> >
> >> OK, if I replace the path to sam.ldb & the rootdse (the dc= part) on
> >> the ldbedit command it works, so something is going wrong on your
> >> system, so:
> >>
> >> What OS
> >> What version samba4
> >> compiled or distro package
> >> what version ldbtools
> >>
> >> You need --kerberos to actually change anything, searching is different.
> >>
> >> Rowland
> >
> > $ uname -a
> > Linux ashanti 3.15.5-2-ARCH #1 SMP PREEMPT Fri Jul 11 07:55:51 CEST 2014
> > i686 GNU/Linux
> This is not your OS, it is your kernel! I think it could be a version of
> archlinux but not sure.

Sorry, the OS and version is Arch Linux 2014-06-01.

> > $ samba -V
> > Version 4.1.9
> > $ ldbedit -V
> > Version 4.1.9
> > $ ldbsearch -V
> > Version 4.1.9
> > $ samba-tool -V
> > 4.1.9
> >
> > samba was installed from a package with the standard command of #pacman
> > -S samba.
> >
> > I tried
> > $ sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b
> > OU=SUDOers,dc=tissisat,dc=co,dc=uk
> > this brought up the editor with this to edit
> >
> > # editing 1 records
> > # record 1
> > dn: cn=%wheel,ou=SUDOers,DC=tissisat,DC=co,DC=uk
> > cn: %wheel
> > objectClass: top
> > objectClass: sudoRole
> > sudoCommand: ALL
> > sudoHost: ALL
> > sudoUser: %wheel
> > distinguishedName: cn=%wheel,ou=SUDOers,DC=tissisat,DC=co,DC=uk
> >
> > I then tried this
> > $ sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b
> > OU=SUDOers,dc=tissisat,dc=co,dc=uk -s sub
> > "(&(objectClass=organizationalUnit)(objectCategory=organizationalUnit))"
> > no matching records - cannot edit
> >
> > Shadrock
> Right, let's find out if you can see the OU:
>
> sudo ldbedit -e nano -H /etc/samba/private/sam.ldb ou=SUDOers

no matching records - cannot edit

> This should display the entire OU (except the nTSecurityDescriptor 
> attribute)
>
> If it does, try this:
>
> sudo ldbedit -e nano -H /etc/samba/private/sam.ldb -b 
> OU=SUDOers,dc=tissisat,dc=co,dc=uk -s sub 
> "(objectClass=organizationalUnit)" nTSecurityDescriptor
>
> This should display the nTSecurityDescriptor attribute.
>
> Just one last thought, you are running kinit as root, aren't you?
>
> Rowland

I was logged in as an unprivileged user and kinit as administrator and
then used sudo to run the commands.
Just in case this was a problem, I logged in and kinit as root in another
shell and tried the command without sudo, but it still gave me the same error.

Shadrock

