jg3
Hello,
Problem: My AD shell account password always fails when using sudo.
I have AD auth to my Windows 2012 server working fine, and no other (known) (FreeNAS) problems. I can SSH using my AD password. In trying to follow the tutorial on how to set up a jail I have to run a command like jexec 1 tcsh but my domain user doesn't have permission for that. Enter sudo.
Code:
    $ sudo jexec 1 tcsh

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.

    Password:
    Sorry, try again.
    Password:
    ...
Putting in my AD password (correctly) gets repeatedly rejected. What gives?
Notes and context:
Code:
    jg3@lappy$ ssh jg@fn
    jg@fn's password:
    Last login: Thu Feb 1 11:36:34 2018 from 10.39.0.230
    FreeBSD 11.1-STABLE (FreeNAS.amd64) #0 r321665+4bd3ee42941(freenas/11.1-stable): Thu Jan 18 15:45:01 UTC 2018
    ...
I can log in using my AD password.
Code:
    $ id
    uid=21109(jg) gid=20513(domain users) groups=20513(domain users),21109(jg),21117(allowed rdp),21129(sudoers),90000005(BUILTIN\users)
    $
I'm in the sudoers group.
Code:
    $ sudo -l
    Matching Defaults entries for jg on fn:
        syslog_goodpri=debug, secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin\:/usr/local/sbin\:/usr/local/bin

    User jg may run the following commands on fn:
        (ALL) NOPASSWD: /etc/find_alias_for_smtplib.py
        (ALL : ALL) ALL
sudo lists me as someone who should be able to execute all commands.
Code:
    $
    $ wbinfo -u
    administrator
    guest
    krbtgt
    curly
    jg
    larry
    moe
    freenas-user
    fn
domain users
Code:
    $ wbinfo -g
    winrmremotewmiusers__
    domain computers
    domain controllers
    schema admins
    enterprise admins
    cert publishers
    domain admins
    domain users
    domain guests
    group policy creator owners
    ras and ias servers
    allowed rodc password replication group
    denied rodc password replication group
    read-only domain controllers
    enterprise read-only domain controllers
    cloneable domain controllers
    protected users
    dnsadmins
    dnsupdateproxy
    dhcp users
    dhcp administrators
    allowed rdp
    sudoers
domain groups
Code:
    $ wbinfo -t
    checking the trust secret for domain SIX via RPC calls failed
    failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
    Could not check secret
    $
I think this is because my AD configuration is unencrypted?