[sudo-users] Transforming /etc/sudoers to LDAP/AD

Manjunatha, Jamuna Jamuna.Manjunatha at ironmountain.com
Tue Jan 27 10:39:12 EST 2009


Where do we keep the sudoers file on Windows??

I want to keep the sudoers file on Windows LDAP, instead of Linux, so I
can disable /etc/sudoers & /etc/group on every Linux host.

How can Windows read the sudoers file & authenticate accordingly??

Can I do this??

Advise???

Thank you all..

________________________________

From: Suj [mailto:sujnanshetty at gmail.com] 
Sent: Tuesday, January 27, 2009 9:59 AM
To: Manjunatha, Jamuna; Russell Van Tassell; Radesh_Singh at ml.com;
sudo-users at sudo.ws; Pidugu Vijaya
Subject: Re: [sudo-users] Transforming /etc/sudoers to LDAP/AD

 

  

It is not much different than assigning permissions based on groups. You
just need to prepend the domain name before the group name, in the
sudoers file. The user's AD group name is the group that needs to be
named in the sudoers file.

It's all there in the documentation, you need to experiment with the
sudoers file and convince yourself to read more ...

########################################################################
# Giving grp1 group members all root privileges
%domain-name\\grp1 ALL=(ALL) ALL

# Giving "support" group limited access to root commands
%domain-name\\support ALL=(root) KILL, APACHE, !SU, !SCP, !BIN, !SHELL, MONITOR,\
          INSTALL, EDIT
########################################################################

 


-----------------------------------------------------------------------

On Mon, Jan 26, 2009 at 8:30 PM, Manjunatha, Jamuna
<Jamuna.Manjunatha at ironmountain.com> wrote:


I am now logging into Linux using LDAP/AD Windows authentication.
Basically, when I log into Linux I am logging in using my Windows
authentication.
Earlier I had created local users on Linux & sudo so I could do sudo & I
was fine.

Now that I am authenticating to Linux via Windows LDAP/AD, how
will the sudo work?
Should I create the sudo config file on Windows OR, once I am
logged into Linux (via LDAP/AD authentication), use the existing
/etc/sudoers file??

I am not sure how this sudo will work on LDAP/AD authentication.

I did look on-line, but I am not convinced I have a solution.

Thanks in advance
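
An added example, not part of the original thread or of sudo itself: a small Python audit of the group rules quoted in the reply above. It reports each AD group grant, flags unrestricted grants, and lists allow entries that follow a negation, since sudo uses the last matching entry in a command list and a later allow can override an earlier deny. The function name, regex and sample text are assumptions made for this illustration, and tags such as NOPASSWD: are not handled.

```python
import re

# Constructed sample: the two rules quoted in the reply, as a sudoers fragment.
SAMPLE = r"""
# Giving grp1 group members all root privileges
%domain-name\\grp1 ALL=(ALL) ALL
# Giving "support" group limited access to root commands
%domain-name\\support ALL=(root) KILL, APACHE, !SU, !SCP, !BIN, !SHELL, MONITOR,\
          INSTALL, EDIT
"""

# %group HOSTS=(RUNAS) COMMANDS; a backslash in the group name escapes the next char.
RULE = re.compile(
    r"^%(?P<group>(?:\\.|\S)+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)

def audit_group_rules(text):
    """Return one finding dict per %group rule (hypothetical helper)."""
    # A trailing backslash continues the rule on the next line.
    joined = re.sub(r"\\\n\s*", " ", text)
    findings = []
    for line in joined.splitlines():
        m = RULE.match(line.strip())
        if not m:  # comments, blank lines, aliases, per-user rules
            continue
        cmds = [c.strip() for c in m.group("cmds").split(",") if c.strip()]
        negated = [i for i, c in enumerate(cmds) if c.startswith("!")]
        first_deny = negated[0] if negated else len(cmds)
        findings.append({
            # "\\" in sudoers stands for a single backslash (DOMAIN\group)
            "group": re.sub(r"\\(.)", r"\1", m.group("group")),
            "hosts": m.group("hosts").strip(),
            "runas": m.group("runas") or "root",  # no runas spec means root
            "unrestricted": "ALL" in cmds,
            "denied": [cmds[i][1:] for i in negated],
            # Last match wins: these allows are evaluated after a deny, so
            # any overlap with a denied alias re-grants the command.
            "allow_after_deny": [c for c in cmds[first_deny:]
                                 if not c.startswith("!")],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_group_rules(SAMPLE):
        print(finding)
```

The command names in the second rule are Cmnd_Alias names whose definitions are not shown in the thread, so the audit can only report their order, not whether they overlap.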


