action #23746
closedAdding sudoers rules to active directory.
Description
Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.
Updated by flacco about 7 years ago
- % Done changed from 0 to 20
Schema templates for sudo schema extension are ready and added to invis-setup package.
Updated by flacco about 7 years ago
- % Done changed from 20 to 30
I have added a base-node for sudo-rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example ldif for adding new sudo rules to AD.
Next steps are:
- Writing a shell-script for adding new sudo-rules to AD
- Adding sudoers sssd configuration to invis-client package.
For Point 2: we have to extend the sssd.conf and the nsswitch.conf
sssd.conf:
services = nss, pam, sudo (in the global section)
nsswitch.conf:
New line:
sudoers: files sss
Updated by flacco about 7 years ago
- % Done changed from 30 to 50
A first version of a script called sudorule2ad is ready an now part of the invis-server setup. It's now possible to sudo rules to ad.
Now we have to implement the client-site. Server an linux-clients inside an invis-server AD domain must look for sudo rules in the AD.
Updated by flacco almost 7 years ago
- Due date deleted (
2017-09-30) - Target version changed from 13.1 to Next
Updated by ingogoeppert over 6 years ago
- Project changed from invis-server to invisAD-setup
- Category deleted (
Developement) - Target version deleted (
Next)
Updated by ingogoeppert over 3 years ago
- Status changed from In Progress to Closed
- Target version changed from Future to 14.2
Erste Schritte erledigt und in 13.0 vorhanden, wird eventuell durch die inzwischen für Samba verfügbaren GPOs ersetzt. Dafür ggf. neues Ticket anlegen.