[sudo-users] Solaris 10, AD authentication and sudo (excessive) AD group lookups

Jeff Martin Jeff.Martin at panasonic.aero
Wed Jun 13 11:18:24 MDT 2018


Hello,
TLDR:
A user belonging to many (> 150) AD groups may not allow sudo to see the group, so lookup of %GROUP in sudoers fails with permission not allowed if the group is not in the first 32 lookups.

Solaris 10 SPARC
Sudo 1.8.23
Compiled on system default options
Powerbroker Open AD authentication

User belongs to 166 AD groups.
Powerbroker sees 166 AD group memberships.
Sudo sees 32 groups, based on turning on sudo debug mode and checking the logs for the number of occurrences of "user is a member of ...."

Issued a 'sudo -l -U' username which provided data for logs.

Is this a known issue? Is there possibly a workaround? Let me know if more data is needed.

Thanks in advance.

Jeff



