On Mon, Jul 21, 2014 at 01:47:47PM +0100, Rowland Penny wrote: > On 21/07/14 11:15, Jakub Hrozek wrote: > >On Mon, Jul 21, 2014 at 08:47:24AM +0100, Rowland Penny wrote: > >>>Normally I use ADSI Edit to adit the permissions. If you right-click the > >>>sudo container in ADSI, select properties and then go to the Security Tab, > >>>do you "Authenticated users" there ? btw I'm using Windows Server 2012, > >>>not sure if the dialogs look any different in earlier versions. > >>So what you are saying is, to get a UNIX program to work on a UNIX machine > >>running against a UNIX AD DC, you have to to set it up on a WINDOWS machine > >>??? What happens if you do not have a windows machine or if you do, you > >>don't have ADSI Edit ?? > >No, but this is the first time in this thread you mention you're using > >Samba and not a real AD.. I know you probably mentioned Samba in some > >previous threads, but I forgot that, sorry. > > Sorry if I didn't explicitly say I was using a samba AD DC, I didn't think > it mattered as an AD server is an AD server, whether it a samba AD server or > a windows AD server.
No problem. > > From what you posted, I have found the problem(after installing XP in a VM, > installing RSAT etc), Domain computers was only being allowed to read > 'OU=SUDOers'. it wasn't being allowed to read any of the children. > > I now need to work out how to alter the 'nTSecurityDescriptor' attribute of > OU=SUDOers ( replacing '(A;;RPLCRC;;;DC)' with '(A;CI;RPLCRC;;;DC)' ) using > only linux tools ;-) > > Rowland This would be a really nice HOWTO! _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users