[Samba] Samba4 + FreeIPA

Rowland Penny rpenny at samba.org
Wed Nov 3 12:56:13 UTC 2021

On Wed, 2021-11-03 at 09:44 -0300, Cyrus wrote:
> Thanks for the feedback. In the past, were MS AD was already present,
> it was the working recipe in my experience. 
> In this case, starting from scratch I would be happy to go with just
> one solution.
> I wasn't able to find documentation to implement sudoers or HBAC.
> Does it require schema extensions?, are they supported through
> regular CLI tools or they require direct LDAP manipulation?.
> If you could share any pointers to related documentation, it would be
> great. For some reason I'm failing to find them.

Yes, you have to extend the AD schema for sudoers, then you use sudo
with ldap. I can help with the first and there is quite a bit out there
about the second. As for HBAC, presumably you can use GPO's for this
and David Mulder would know about this, talking about his work with
Samba AD and GPO's, he has provided another method for sudo.


More information about the samba mailing list