[Samba] Samba DC and alternate sudo login

Rowland Penny rpenny at samba.org
Tue May 14 13:21:12 UTC 2024 

On Tue, 14 May 2024 06:11:01 -0700
Gregory Sloop via samba <samba at lists.samba.org> wrote:

> 
> 
> > On Mon, 13 May 2024 17:10:20 -0700
> > Gregory Sloop via samba <samba at lists.samba.org> wrote:
> 
> >> I feel like this should be super easy, and that I must be doing
> >> something dumb, but I need to create another sudo user for the VM's
> >> the DC's are running on.
> 
> >> I've created a "domain admin" equivalent user in AD - and perhaps
> >> this account can be used. I also attempted to create a local user
> >> and add them to the local sudo group, but that didn't seem to
> >> work. But I don't *need* an AD account. I can simply create a
> >> local user on each DC for sudo use, but I'll need a way that
> >> works. (When I attempt to create the local user, it prompts for
> >> the password, and then an NT password. And when I try to SSH/login
> >> to that local account, it fails.) 
> 
> > It shouldn't ask you for an NT password, how are you creating the
> > 'local' user ?
> 
> As root I use;
> adduser
> 
>  
> I tried it again as a test.
> In the add-user process, I get a prompt for the "Current Kerberos
> password:" (I didn't pay a lot of attention the first time, when it
> asked for an NT password - so I'm not sure where that came up.) If I
> give it null passwords (just hit enter), I get passwd: Authentication
> token manipulation error passwd: password unchanged
>  
> So, I'm a little puzzled.
>  
> -Greg
>  

I asked because before I replied to your post, I tried to create a user
and got this:

adminuser at tmpdc1:~ $ sudo adduser testadmin
Adding user `testadmin' ...
Adding new group `testadmin' (1001) ...
Adding new user `testadmin' (1001) with group `testadmin (1001)' ...
Creating home directory `/home/testadmin' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for testadmin
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
Adding new user `testadmin' to supplemental / extra groups `users' ...
Adding user `testadmin' to group `users' ...

Now I was doing this on one of my DCs, which runs Raspberry pi OS, but
that is really just Debian 12 tweaked.

Can I ask if you have libpam-krb5 installed ?

Rowland

More information about the samba mailing list