action #23746

Adding sudoers rules to active directory.

Added by flacco almost 6 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 2017-08-29
Due date:
% Done: 100%
Estimated time:

Description

As described in a "Linux Administrator Magazin" article, we should add support for providing sudo rules to Active Directory.

Info: http://jhrozek.livejournal.com/3860.html

History

#1 Updated by flacco almost 6 years ago

  • % Done changed from 0 to 20

Schema templates for the sudo schema extension are ready and added to the invis-setup package.

#2 Updated by flacco almost 6 years ago

  • % Done changed from 20 to 30

I have added a base node for sudo rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example LDIF for adding new sudo rules to AD.

Next steps are:

  1. Writing a shell-script for adding new sudo-rules to AD
  2. Adding sudoers sssd configuration to invis-client package.

For point 2, we have to extend sssd.conf and nsswitch.conf.

sssd.conf:

services = nss, pam, sudo (in the global section)

nsswitch.conf:

New line:

sudoers: files sss

#3 Updated by flacco almost 6 years ago

  • % Done changed from 30 to 50

A first version of a script called sudorule2ad is ready and now part of the invis-server setup. It's now possible to add sudo rules to AD.

Now we have to implement the client side. Servers and Linux clients inside an invis-server AD domain must look for sudo rules in the AD.
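
An added example, not part of this ticket and not the project's sudorule2ad script: a POSIX shell function that writes the LDIF for one sudoRole entry under the base node from update #2 and refuses values that would inject extra LDIF lines or DN components. The rule name, group, host and command are constructed samples; the attribute names follow the standard sudo LDAP schema.

```shell
#!/bin/sh
# Added example, not the invis-server sudorule2ad script.
# Emits LDIF for one sudoRole entry below the base node named in the ticket.
LC_ALL=C; export LC_ALL
SUDO_BASE="CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc"

# ldif_safe VALUE: true only if VALUE can be written as a plain LDIF value.
# A newline inside a value would let a caller append extra attributes
# (for example a second sudoCommand), so anything outside printable ASCII is refused.
ldif_safe() {
    case $1 in
        ''|' '*|':'*|'<'*|*' ') return 1 ;;
    esac
    [ "$(printf '%s' "$1" | tr -d ' -~' | wc -c)" -eq 0 ]
}

# make_sudo_rule NAME USER HOST COMMAND...   (runs in a subshell, so exit stays local)
make_sudo_rule() (
    [ $# -ge 4 ] || { echo "usage: make_sudo_rule NAME USER HOST COMMAND..." >&2; exit 2; }
    name=$1 user=$2 host=$3
    shift 3
    # NAME becomes part of the DN: allow only characters that need no DN escaping.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid rule name" >&2; exit 1 ;;
    esac
    ldif_safe "$user" && ldif_safe "$host" || { echo "invalid user or host" >&2; exit 1; }
    for cmd in "$@"; do
        # sudoers commands must be ALL or a fully qualified path.
        case $cmd in
            ALL|/*) ldif_safe "$cmd" || { echo "invalid command" >&2; exit 1; } ;;
            *) echo "command must be ALL or an absolute path" >&2; exit 1 ;;
        esac
    done
    printf 'dn: CN=%s,%s\nchangetype: add\n' "$name" "$SUDO_BASE"
    printf 'objectClass: top\nobjectClass: sudoRole\ncn: %s\n' "$name"
    printf 'sudoUser: %s\nsudoHost: %s\n' "$user" "$host"
    printf 'sudoCommand: %s\n' "$@"
)

# Constructed sample rule: group, host and command are illustrative.
make_sudo_rule zypper-refresh '%linux-admins' ALL '/usr/bin/zypper refresh'
```

The output is meant to be reviewed and then fed to whatever LDAP client the server setup already uses for the example LDIF.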

#4 Updated by flacco almost 6 years ago

  • Status changed from New to In Progress

#5 Updated by ingogoeppert over 5 years ago

  • Target version set to 13.1

#6 Updated by flacco over 5 years ago

  • Due date deleted (2017-09-30)
  • Target version changed from 13.1 to Next

#7 Updated by ingogoeppert about 5 years ago

  • Project changed from invis-server to invisAD-setup
  • Category deleted (Developement)
  • Target version deleted (Next)

#8 Updated by flacco about 5 years ago

  • Target version set to Future

#9 Updated by ingogoeppert almost 2 years ago

  • Status changed from In Progress to Closed
  • Target version changed from Future to 14.2

First steps are done and available in 13.0; this may be replaced by the GPOs that are now available for Samba. If needed, create a new ticket for that.

#10 Updated by ingogoeppert over 1 year ago

  • % Done changed from 50 to 100
