[Samba] [Solved] Samba 4 sudoers

Andrew Bartlett abartlet at samba.org
Sat Apr 30 08:12:32 UTC 2016

On Thu, 2016-04-21 at 15:40 +1000, John Gardeniers wrote:
> Good news, I now have this working. Once I finish writing my notes
> I'll 
> make them available to whoever might want them. Just to clarify
> things a 
> bit, here is what we have and what we wanted:
> * Linux users are authenticated by the Samba 4 domain controllers via
> SSSD, which itself uses LDAP.
> * As we are a development house, we have a rather complex set of 
> users/groups/permissions on the numerous servers. We wanted to manage
> this centrally via Active Directory, without touching the sudoers
> file 
> on the Linux side.
> * As of now, on a test domain which is functionally a replica of our 
> production domain, we are able to manage sudo permissions on our AD 
> users and groups via a combination of ADSI Edit and ADUC.
> ADSI Edit is used only to create a new rule, which we then edit in
> ADUC. 
> As I am the only member of our team who has ever dealt with Active 
> Directory before we are looking for any GUI tool which can make this
> a 
> bit more intuitive, as the native Linux speakers aren't overly 
> comfortable with the aforementioned tools. If you know of any we'd
> like 
> to know.
> A bit more testing and we can copy this to production. :)
> regards,
> John

Make sure to use Samba 4.4 to avoid very strange replication bugs with
the custom schema.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list