From 90f9e5eba55cb74e0219c0e35c21778c5e65b1bf Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Fri, 23 Dec 2022 08:47:31 -0600 Subject: [PATCH] samba-dc: Manage sudoers Domain controllers only allow users in the *Domain Admins* AD group to use `sudo` by default. *dustin* and *jenkins* need to be able to apply configuration policy to these machines, but they are not members of said group. --- group_vars/samba-dc.yml | 4 ++++ samba-dc.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/group_vars/samba-dc.yml b/group_vars/samba-dc.yml index 6c82f74..8f3c04c 100644 --- a/group_vars/samba-dc.yml +++ b/group_vars/samba-dc.yml @@ -21,3 +21,7 @@ collectd_processes: - name: smbd - name: krb5kdc - name: winbindd + +admin_users: +- 'PYROCUFFLINK\dustin' +- 'PYROCUFFLINK\jenkins' diff --git a/samba-dc.yml b/samba-dc.yml index 6c64348..3630cc9 100644 --- a/samba-dc.yml +++ b/samba-dc.yml @@ -4,6 +4,7 @@ - kerberos - dch-selinux - samba-dc + - sudo tasks: - name: set samba configuration facts set_fact: