[Samba] Adding an AD group to /etc/sudoers?
jeff.sadowski at gmail.com
Tue Dec 8 21:56:39 UTC 2015
wbinfo -r username
shows the gid of it
and a bunch of -1's, I'd guess for groups without gids.
My user belongs to 155 groups. Is there a problem with that many groups?
On Tue, Dec 8, 2015 at 2:12 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
> "id" alone does not show my user in the it group
> "id username" does
> why would id alone give different results?
> which is odd because
> as my username I can get into a folder that has 0760 permissions with user
> as root and it as the group
> as for
> %it ALL=(ALL) ALL
> instead of:
> %it ALL=(ALL:ALL) ALL
> seems to work the same
> On Tue, Dec 8, 2015 at 1:29 PM, Mattias Zhabinskiy <
> mattiasz at thinklogical.com> wrote:
>> After the ssh did you run "id" command to verify that your account
>> belongs to the "it" group on the remote system?
>> Did you try:
>> %it ALL=(ALL) ALL
>> instead of:
>> %it ALL=(ALL:ALL) ALL
>> From: samba <samba-bounces at lists.samba.org> on behalf of Jeff Sadowski <
>> jeff.sadowski at gmail.com>
>> Sent: Monday, December 7, 2015 2:56 PM
>> To: samba
>> Subject: [Samba] Adding an AD group to /etc/sudoers?
>> I can't seem to get this working and here is what I have done so far.
>> I am using samba 4.1.6
>> my /etc/samba/smb.conf looks like so
>> security = ads
>> realm = DOMAIN.LONG
>> workgroup = DOMAIN
>> idmap config * : backend = tdb
>> idmap config * : range = 2000-7999
>> idmap config DOMAIN:backend = ad
>> idmap config DOMAIN:range = 8000-9999999
>> idmap config DOMAIN:schema_mode = rfc2307
>> winbind nss info = rfc2307
>> winbind use default domain = yes
>> winbind nested groups=yes
>> # so that the users show up in getent
>> winbind enum users = Yes
>> # doesn't seem to do the same for groups :-/
>> winbind enum groups = Yes
>> restrict anonymous = 2
>> In AD my group it has a gid 8001
>> #getent group it
>> in /etc/sudoers is the line
>> %it ALL=(ALL:ALL) ALL
>> when I ssh to said machine like so
>> ssh myusername@problemhost
>> then run a command like so
>> > sudo echo
>> [sudo] password for myusername:
>> myusername is not in the sudoers file. This incident will be reported.
>> I tried adding another line to /etc/sudoers as follows
>> %DOMAIN\\it ALL=(ALL:ALL) ALL
>> %DOMAIN\it ALL=(ALL:ALL) ALL
>> but neither of them work either.
>> I seem to be able to get into the nfs shares I have group permissions to
>> but I can not get sudo to work with my AD user group.
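An added diagnostic sketch, not part of the thread, for the discrepancy reported above: `id` with no argument prints the groups the current process already holds, while `id username` looks the user up through NSS again. The function names and sample gid lists are constructed for illustration; 8001 is the gid the thread gives for the `it` group, and the `-1` entries follow the `wbinfo -r` output described in the thread.

```shell
#!/bin/sh
# Added example: compare the groups a login session holds with what NSS
# (winbind) resolves for the same user. All sample data is constructed.

# in_list GID "LIST": succeed if GID appears in the space-separated LIST.
in_list() {
    for _m in $2; do
        [ "$_m" = "$1" ] && return 0
    done
    return 1
}

# missing_from_session "SESSION_GIDS" "NSS_GIDS":
# print the gids NSS reports for the user that the running session lacks.
missing_from_session() {
    out=""
    for g in $2; do
        in_list "$g" "$1" || out="${out:+$out }$g"
    done
    printf '%s\n' "$out"
}

# diagnose TARGET_GID "SESSION_GIDS" "NSS_GIDS":
# say where the target group is visible: session, nss-only or unresolved.
diagnose() {
    if in_list "$1" "$2"; then
        echo "session"
    elif in_list "$1" "$3"; then
        echo "nss-only"
    else
        echo "unresolved"
    fi
}

# count_unmapped: read `wbinfo -r`-style output (one gid per line) on stdin
# and print how many entries are -1, i.e. groups with no gid mapping.
count_unmapped() {
    awk '$1 == "-1" { n++ } END { print n + 0 }'
}

# Constructed sample: the session lacks 8001, NSS resolves it.
session_gids="8000 8002"
nss_gids="8000 8001 8002"
echo "missing from session: $(missing_from_session "$session_gids" "$nss_gids")"
echo "gid 8001 visible in:  $(diagnose 8001 "$session_gids" "$nss_gids")"
echo "unmapped groups:      $(printf '8000\n-1\n8001\n-1\n' | count_unmapped)"
```

On a live host the same functions take real input: `diagnose 8001 "$(id -G)" "$(id -G "$(id -un)")"` and `wbinfo -r username | count_unmapped`.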