[Samba] [Solved] Samba 4 sudoers

Jeff Sadowski jeff.sadowski at gmail.com
Mon May 2 13:55:08 UTC 2016

You either have to list the full group name in sudoers IE: DOMIN\groupname
or use the option "winbind use default domain = yes"
for one thing.

I'm not sure if you need enumeration but I like seeing domain users and
groups with getent so I have the options

winbind enum users = yes
winbind enum groups = yes

On Mon, May 2, 2016 at 6:11 AM, Sketch <smblist at rednsx.org> wrote:

> On Mon, 2 May 2016, Andrew Bartlett wrote:
> On Mon, 2016-05-02 at 07:44 +1000, John Gardeniers wrote:
>>> Hi Andrew,
>>> Please elaborate, as we're about to put it on Samba 4.2. Thanks.
>> Please don't use 4.2 with the sudo schema.  At a client, we have seen
>> that cause database corruption when combined with multiple DCs,
>> specifically duplicate values in the database that sssd really didn't
>> like.  It will also require you to run dbcheck from Samba 4.3 or later
>> before you can replicate with a Samba 4.3 DC.
> Is this specific to 4.2?  I am currently on 4.1 but planning to upgrade to
> 4.2 in the near future since 4.1 is no longer supported by anyone.  I had
> previously installed the sudo schema on 4.1, but I was never able to get it
> to work.  Maybe I should remove it before upgrading?
> BTW, I have seen occasional issues with replication of deleted entries
> that required me to manually go and delete them on the non-master DCs. Is
> this possibly related?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list