[sudo-users] Transforming /etc/sudoers to LDAP/AD

Suj sujnanshetty at gmail.com
Tue Jan 27 09:59:17 EST 2009


It is not much different than assigning permissions based on groups. You
just need to prepend the domain name before the group name, in the sudoers
file. The user's AD group name is the group that needs to be named in the
sudoers file.

It's all there in the documentation, you need to experiment with the sudoers
file and convince yourself to read more ...

########################################################################
# Giving grp1 group members all root privileges
%domain-name\\grp1 ALL=(ALL) ALL

# Giving "support" group limited access to root commands
%domain-name\\support ALL=(root) KILL, APACHE, !SU, !SCP, !BIN, !SHELL, MONITOR,\
          INSTALL, EDIT
########################################################################


-----------------------------------------------------------------------
On Mon, Jan 26, 2009 at 8:30 PM, Manjunatha, Jamuna <
Jamuna.Manjunatha at ironmountain.com> wrote:

>
> I am now logging into LINUX using LDAP/AD Windows authentication.
> Basically when I log into LINUX I am logging in using my Windows
> authentication.
> Earlier I had created local users on Linux & sudo so I could do sudo & I
> was fine.
>
> Now that I am authenticating to LINUX via Windows LDAP/AD, how will the
> sudo work?
> Should I create the sudo config file on Windows OR, once I am logged into
> LINUX (via LDAP/AD authentication), use the existing /etc/sudoers file?
>
> I am not sure how this sudo will work on LDAP/AD authentication.
>
> I did look on-line, but I am not convinced I have a solution.
>
> Thanks in advance
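
An added example, not part of the original post or of sudo itself: a small Python audit that lists what each `%DOMAIN\\group` entry in a sudoers file grants, unescaping the doubled backslash and joining `\` line continuations as used in the snippet in the reply. The domain `EXAMPLE`, the sample text and the function names are constructed for illustration; it goes slightly beyond the post by also handling `\ ` escaped spaces in group names and tags such as `NOPASSWD:`, and it reads only `%group` user specification lines.

```python
import re

# Constructed sample modelled on the entries in the post. "EXAMPLE" is a
# placeholder domain; the upper-case names are Cmnd_Alias names assumed to be
# defined elsewhere in the file.
SAMPLE = r"""
# Giving grp1 group members all root privileges
%EXAMPLE\\grp1 ALL=(ALL) ALL
%EXAMPLE\\support ALL=(root) KILL, APACHE, !SU, !SHELL, MONITOR,\
          INSTALL, EDIT
alice ALL=(ALL) ALL
"""

# %group  hosts = (runas) commands; the group may contain backslash escapes.
SPEC = re.compile(
    r"^%(?P<group>(?:\\.|\S)+)\s+(?P<hosts>[^=]+)="
    r"\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)

def logical_lines(text):
    """Join backslash-newline continuations, drop blank and comment lines."""
    for line in re.sub(r"\\\n[ \t]*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def ad_group_grants(text):
    """Return one dict per %DOMAIN\\group user specification."""
    grants = []
    for line in logical_lines(text):
        m = SPEC.match(line)
        if not m:
            continue
        name = re.sub(r"\\(.)", r"\1", m["group"])  # \\ -> \, "\ " -> " "
        if "\\" not in name:
            continue  # local group, no domain prefix
        domain, _, group = name.partition("\\")
        # Strip tags such as NOPASSWD: before comparing command names.
        cmds = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())
                for c in m["cmds"].split(",")]
        grants.append({
            "domain": domain, "group": group,
            "runas": (m["runas"] or "root").strip(),
            "commands": cmds, "unrestricted": "ALL" in cmds,
        })
    return grants

if __name__ == "__main__":
    for g in ad_group_grants(SAMPLE):
        print(g)
```

Entries reported with `unrestricted` set to true are the domain groups whose membership in AD is equivalent to full root on the host.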


