Project

General

Profile

Actions

action #23746

closed

Adding sudoers rules to active directory.

Added by flacco over 6 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
2017-08-29
Due date:
% Done:

100%

Estimated time:

Description

Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.

Info: http://jhrozek.livejournal.com/3860.html

Actions #1

Updated by flacco over 6 years ago

  • % Done changed from 0 to 20

Schema templates for sudo schema extension are ready and added to invis-setup package.

Actions #2

Updated by flacco over 6 years ago

  • % Done changed from 20 to 30

I have added a base-node for sudo-rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example ldif for adding new sudo rules to AD.

Next steps are:

  1. Writing a shell-script for adding new sudo-rules to AD
  2. Adding sudoers sssd configuration to invis-client package.

For Point 2: we have to extend the sssd.conf and the nsswitch.conf

sssd.conf:

services = nss, pam, sudo (in the global section)

nsswitch.conf:

New line:

sudoers: files sss

Actions #3

Updated by flacco over 6 years ago

  • % Done changed from 30 to 50

A first version of a script called sudorule2ad is ready an now part of the invis-server setup. It's now possible to sudo rules to ad.

Now we have to implement the client-site. Server an linux-clients inside an invis-server AD domain must look for sudo rules in the AD.

Actions #4

Updated by flacco over 6 years ago

  • Status changed from New to In Progress
Actions #5

Updated by ingogoeppert over 6 years ago

  • Target version set to 13.1
Actions #6

Updated by flacco about 6 years ago

  • Due date deleted (2017-09-30)
  • Target version changed from 13.1 to Next
Actions #7

Updated by ingogoeppert about 6 years ago

  • Project changed from invis-server to invisAD-setup
  • Category deleted (Developement)
  • Target version deleted (Next)
Actions #8

Updated by flacco about 6 years ago

  • Target version set to Future
Actions #9

Updated by ingogoeppert over 2 years ago

  • Status changed from In Progress to Closed
  • Target version changed from Future to 14.2

Erste Schritte erledigt und in 13.0 vorhanden, wird eventuell durch die inzwischen für Samba verfügbaren GPOs ersetzt. Dafür ggf. neues Ticket anlegen.

Actions #10

Updated by ingogoeppert over 2 years ago

  • % Done changed from 50 to 100
Actions

Also available in: Atom PDF