[Samba] [Solved] Samba 4 sudoers

John Gardeniers jgardeniers at objectmastery.com
Thu Apr 21 05:40:16 UTC 2016

Good news, I now have this working. Once I finish writing my notes I'll 
make them available to whoever might want them. Just to clarify things a 
bit, here is what we have and what we wanted:

* Linux users are authenticated by the Samba 4 domain controllers via 
SSSD, which itself uses LDAP.
* As we are a development house, we have a rather complex set of 
users/groups/permissions on the numerous servers. We wanted to manage 
this centrally via Active Directory, without touching the sudoers file 
on the Linux side.
* As of now, on a test domain which is functionally a replica of our 
production domain, we are able to manage sudo permissions on our AD 
users and groups via a combination of ADSI Edit and ADUC.

ADSI Edit is used only to create a new rule, which we then edit in ADUC. 
As I am the only member of our team who has ever dealt with Active 
Directory before we are looking for any GUI tool which can make this a 
bit more intuitive, as the native Linux speakers aren't overly 
comfortable with the aforementioned tools. If you know of any we'd like 
to know.

A bit more testing and we can copy this to production. :)


On 20/04/16 14:18, John Gardeniers wrote:
> Has anyone here managed to get sudo working with Samba 4 AD users, 
> using either ldap or sssd, with sssd preferred? If so, can you please 
> point me in the direction of whatever instructions you used? It seems 
> like there are a bunch of tutorials on the subject, each with 
> different, and sometimes conflicting, information but none of those 
> I've tried work for me.
> regards,
> John

More information about the samba mailing list