On 21/07/14 11:15, Jakub Hrozek wrote:
On Mon, Jul 21, 2014 at 08:47:24AM +0100, Rowland Penny wrote:
>> Normally I use ADSI Edit to edit the permissions. If you right-click the
>> sudo container in ADSI, select properties and then go to the Security Tab,
>> do you see "Authenticated users" there ? btw I'm using Windows Server
>> not sure if the dialogs look any different in earlier versions.
> So what you are saying is, to get a UNIX program to work on a UNIX machine
> running against a UNIX AD DC, you have to set it up on a WINDOWS machine
> ??? What happens if you do not have a windows machine or if you do, you
> don't have ADSI Edit ??
No, but this is the first time in this thread you mention you're using
Samba and not a real AD.. I know you probably mentioned Samba in some
previous threads, but I forgot that, sorry.
Sorry if I didn't explicitly say I was using a samba AD DC, I didn't
think it mattered as an AD server is an AD server, whether it is a samba AD
server or a windows AD server.
From what you posted, I have found the problem (after installing XP in a
VM, installing RSAT etc), Domain computers was only being allowed to
read 'OU=SUDOers'. It wasn't being allowed to read any of the children.
I now need to work out how to alter the 'nTSecurityDescriptor' attribute
of OU=SUDOers ( replacing '(A;;RPLCRC;;;DC)' with '(A;CI;RPLCRC;;;DC)' )
using only linux tools ;-)
I don't have too much experience customizing Samba permissions, but this
is a good question to ask on some Samba mailing list or IRC channel.
Or maybe some of the Samba developers hanging out on this list have some
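Added example, not part of the original thread: a small Python parser for the two SDDL ACE strings quoted above, showing that the only difference is the `CI` (container inherit) flag that lets children of the OU inherit the ACE. The sample DACL and the helper names are constructed for illustration; the code only works on strings and does not touch a directory.

```python
import re

# Subset of two-letter SDDL codes used in directory-object ACEs.
# Rights written as a hex mask (0x...) are not decoded by this example.
ACE_FLAGS = {"CI": "container inherit", "OI": "object inherit",
             "NP": "no propagate", "IO": "inherit only", "ID": "inherited"}
RIGHTS = {"RP": "read property", "LC": "list children", "RC": "read control",
          "WP": "write property", "CC": "create child", "DC": "delete child"}
TRUSTEES = {"DC": "Domain Computers", "AU": "Authenticated Users"}

# Constructed DACL; only the Domain Computers ACE is taken from the thread.
SAMPLE_DACL = "D:(A;CI;RPLCRC;;;AU)(A;;RPLCRC;;;DC)"

def _pairs(field):
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def parse_ace(ace):
    """Split '(type;flags;rights;object_guid;inherit_guid;trustee)' into a dict."""
    parts = ace.strip("()").split(";")
    if len(parts) != 6:
        raise ValueError(f"expected 6 ACE fields, got {len(parts)}: {ace!r}")
    kind, flags, rights, _obj, _inh, trustee = parts
    return {"type": kind, "flags": _pairs(flags), "rights": _pairs(rights),
            "trustee": trustee}

def describe(ace):
    """Human-readable summary of one ACE."""
    a = parse_ace(ace)
    who = TRUSTEES.get(a["trustee"], a["trustee"])
    rights = ", ".join(RIGHTS.get(r, r) for r in a["rights"])
    scope = ", ".join(ACE_FLAGS.get(f, f) for f in a["flags"]) or "this object only"
    return f"{who}: {rights} [{scope}]"

def not_inherited(sddl, trustee):
    """Allow ACEs for `trustee` in a DACL that child objects will not inherit."""
    parsed = [(a, parse_ace(a)) for a in re.findall(r"\([^()]*\)", sddl)]
    return [a for a, p in parsed if p["type"] == "A"
            and p["trustee"] == trustee and "CI" not in p["flags"]]

def add_container_inherit(ace):
    """Return the ACE with the CI flag set, every other field unchanged."""
    parts = ace.strip("()").split(";")
    if "CI" not in _pairs(parts[1]):
        parts[1] = "CI" + parts[1]
    return "(" + ";".join(parts) + ")"

if __name__ == "__main__":
    for ace in not_inherited(SAMPLE_DACL, "DC"):
        print(describe(ace), "->", add_container_inherit(ace))
```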