[Samba] [Solved] Samba 4 sudoers

John Gardeniers jgardeniers at objectmastery.com
Sun May 1 21:44:54 UTC 2016


Hi Andrew,

Please elaborate, as we're about to put it on Samba 4.2. Thanks.

regards,
John


On 30/04/16 18:12, Andrew Bartlett wrote:
> On Thu, 2016-04-21 at 15:40 +1000, John Gardeniers wrote:
>> Good news, I now have this working. Once I finish writing my notes
>> I'll
>> make them available to whoever might want them. Just to clarify
>> things a
>> bit, here is what we have and what we wanted:
>>
>> * Linux users are authenticated by the Samba 4 domain controllers via
>> SSSD, which itself uses LDAP.
>> * As we are a development house, we have a rather complex set of
>> users/groups/permissions on the numerous servers. We wanted to manage
>> this centrally via Active Directory, without touching the sudoers
>> file
>> on the Linux side.
>> * As of now, on a test domain which is functionally a replica of our
>> production domain, we are able to manage sudo permissions on our AD
>> users and groups via a combination of ADSI Edit and ADUC.
>>
>> ADSI Edit is used only to create a new rule, which we then edit in
>> ADUC.
>> As I am the only member of our team who has ever dealt with Active
>> Directory before we are looking for any GUI tool which can make this
>> a
>> bit more intuitive, as the native Linux speakers aren't overly
>> comfortable with the aforementioned tools. If you know of any we'd
>> like
>> to know.
>>
>> A bit more testing and we can copy this to production. :)
>>
>> regards,
>> John
> Make sure to use Samba 4.4 to avoid very strange replication bugs with
> the custom schema.
>
> Andrew Bartlett
>




More information about the samba mailing list