[sudo-users] Transforming /etc/sudoers to LDAP/AD

Manjunatha, Jamuna Jamuna.Manjunatha at ironmountain.com
Tue Jan 27 14:50:04 EST 2009


Can you please detail a little bit please??

 

Thanks

 

________________________________

From: Pidugu Vijaya [mailto:Vijaya.Pidugu at sig.com] 
Sent: Tuesday, January 27, 2009 2:49 PM
To: Manjunatha, Jamuna; Suj; Russell Van Tassell; Radesh_Singh at ml.com;
sudo-users at sudo.ws; Pidugu Vijaya
Subject: RE: [sudo-users] Transforming /etc/sudoers to LDAP/AD

 

Not sure if you resolved this... We actually use an NFS share where we
put our sudoers file.

 

We tested using Active Directory for user authentication.  In AD we had
to put some kind of sudo object to make it work though!

 

 

________________________________

From: Manjunatha, Jamuna [mailto:Jamuna.Manjunatha at ironmountain.com] 
Sent: Tuesday, January 27, 2009 10:39 AM
To: Suj; Russell Van Tassell; Radesh_Singh at ml.com; sudo-users at sudo.ws;
Pidugu Vijaya
Subject: RE: [sudo-users] Transforming /etc/sudoers to LDAP/AD

Where do we keep the sudoers file on windows??

 

I want to keep the sudoers file on Windows LDAP, instead of LINUX, so I
can disable /etc/sudoers & /etc/group on every Linux host.

 

How can windows read the sudoers file & authenticate accordingly??

 

Can I do this??

 

Advise???

 

Thank you all..

 

________________________________

From: Suj [mailto:sujnanshetty at gmail.com] 
Sent: Tuesday, January 27, 2009 9:59 AM
To: Manjunatha, Jamuna; Russell Van Tassell; Radesh_Singh at ml.com;
sudo-users at sudo.ws; Pidugu Vijaya
Subject: Re: [sudo-users] Transforming /etc/sudoers to LDAP/AD

 

  

It is not much different than assigning permissions based on groups. You
just need to prepend the domain name before the group name in the
sudoers file. The user's AD group name is the group that needs to be
named in the sudoers file.

 

It's all there in the documentation, you need to experiment with the
sudoers file and convince yourself to read more ...

 

########################################################################
# Giving grp1 group members all root privileges
%domain-name\\grp1 ALL=(ALL) ALL

# Giving "support" group limited access to root commands
# (KILL, APACHE, SU, ... are Cmnd_Alias names defined elsewhere in sudoers)
%domain-name\\support ALL=(root) KILL, APACHE, !SU, !SCP, !BIN, !SHELL, \
          MONITOR, INSTALL, EDIT
########################################################################

 


-----------------------------------------------------------------------

On Mon, Jan 26, 2009 at 8:30 PM, Manjunatha, Jamuna
<Jamuna.Manjunatha at ironmountain.com> wrote:


I am now logging into LINUX using LDAP/AD Windows authentication.
Basically when I log into LINUX I am logging in using my Windows
authentication.
Earlier I had created local users on Linux & sudo so I could do sudo & I
was fine.

 

	Now that I am authenticating to LINUX via Windows LDAP/AD, how will the sudo work?
	Should I create the sudo config file on Windows OR, once I am logged into LINUX (via
	LDAP/AD authentication), use the existing /etc/sudoers file??
	
	I am not sure how this sudo will work on LDAP/AD authentication.
	
	I did look on-line, but I am not convinced I have a solution.
	
	Thanks in advance
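
Added example (not part of the original thread and not sudo's own conversion tooling): sudo's LDAP support stores each rule as a sudoRole entry, so the group rules quoted above can be expressed in the directory instead of /etc/sudoers. The sketch below converts rules of that simple form to LDIF; the alias definitions, the base DN and the cn naming are assumptions made for illustration.

```python
import re

# Constructed input: the thread's two rules, with hypothetical alias bodies
# (the post uses KILL, SU, SHELL but never shows their definitions).
ALIASES = {"KILL": ["/bin/kill"], "SU": ["/bin/su"],
           "SHELL": ["/bin/sh", "/bin/bash"]}
RULES = [
    r"%domain-name\\grp1 ALL=(ALL) ALL",
    r"%domain-name\\support ALL=(root) KILL, !SU, !SHELL",
]
BASE_DN = "ou=SUDOers,dc=example,dc=com"  # placeholder container DN

# user/group, host, (runas list), command list -- simple rules only
RULE_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*\(([^)]*)\)\s*(.+)$")

def expand(cmd, aliases):
    """LDAP sudoers has no aliases: expand each, keeping a leading '!'."""
    neg = "!" if cmd.startswith("!") else ""
    name = cmd.lstrip("!")
    return [neg + path for path in aliases.get(name, [name])]

def rule_to_ldif(rule, aliases, base_dn):
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    user, host, runas, cmds = m.groups()
    user = user.replace("\\\\", "\\")  # sudoers escape \\ -> one backslash
    cn = re.sub(r"[^A-Za-z0-9_-]", "_", user.lstrip("%"))
    out = [f"dn: cn={cn},{base_dn}", "objectClass: top",
           "objectClass: sudoRole", f"cn: {cn}",
           f"sudoUser: {user}", f"sudoHost: {host}"]
    out += [f"sudoRunAsUser: {r.strip()}" for r in runas.split(",")]
    for cmd in cmds.split(","):  # assumes no commas inside command arguments
        out += [f"sudoCommand: {c}" for c in expand(cmd.strip(), aliases)]
    return "\n".join(out)

if __name__ == "__main__":
    print("\n\n".join(rule_to_ldif(r, ALIASES, BASE_DN) for r in RULES))
```

Within a single sudoRole entry, attribute order is not significant, so a negated sudoCommand applies wherever it appears in the entry.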
