[Samba] Samba4 + FreeIPA
Cyrus
cyruspy at gmail.com
Thu Nov 4 21:02:07 UTC 2021
Thanks for the pointers, I'll look into them.
Regards,
CI.-
On Thu, Nov 4, 2021, 16:35 David Mulder via samba <samba at lists.samba.org>
wrote:
> On 11/3/21 6:56 AM, Rowland Penny via samba wrote:
> > On Wed, 2021-11-03 at 09:44 -0300, Cyrus wrote:
> >> Thanks for the feedback. In the past, were MS AD was already present,
> >> it was the working recipe in my experience.
> >>
> >> In this case, starting from scratch I would be happy to go with just
> >> one solution.
> >>
> >> I wasn't able to find documentation to implement sudoers or HBAC.
> >> Does it require schema extensions?, are they supported through
> >> regular CLI tools or they require direct LDAP manipulation?.
> >>
> >> If you could share any pointers to related documentation, it would be
> >> great. For some reason I'm failing to find them.
> >
> > Yes, you have to extend the AD schema for sudoers, then you use sudo
> > with ldap. I can help with the first and there is quite a bit out there
> > about the second. As for HBAC, presumably you can use GPO's for this
> > and David Mulder would know about this, talking about his work with
> > Samba AD and GPO's, he has provided another method for sudo.
> >
>
> You can distribute sudoers policies and host access control via Samba
> GPO (just as you would deploy Windows GPOs). I'm happy to show you how,
> but you can also read about it here:
> https://wiki.samba.org/index.php/Group_Policy#Sudoers_Policies
> https://wiki.samba.org/index.php/Group_Policy#PAM_Access_Policies
>
> --
> *David Mulder*
> Labs Software Engineer, Samba
> SUSE
> 1800 Novell Place
> Provo, UT 84606
> (P)+1 801.861.6571
> dmulder at suse.com
> <http://www.suse.com/>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list