[sudo-users] sudoers in Active Directory
Grant Taylor
gtaylor at tnetconsulting.net
Wed Feb 9 17:23:28 MST 2022
On 2/9/22 2:18 PM, Cheryl Kiras wrote:
> what are we missing???

I'd have to find, then dig out, notes from 8-10 years ago. I put
together a solution using Samba (winbind) wherein Linux / AIX / Solaris
could get user & group information from AD. Then Sudo simply saw groups
the same way that /etc/groups (et al.) worked.

> If anyone has successfully configured AD to work with Ubuntu for sudo
> access, please share the details. thank you

From memory, sudo was actually a very small part of the work effort.

How you interconnect Linux and AD is EXTREMELY critical to this
discussion. So much so that I don't think it's even possible to have
more than a 1,000 (or higher) foot discussion of the task at hand.

I see it as there are three main ways to do the integration, each of
which has different configuration requirements for sudo.

1) Samba with winbind
2) Samba without winbind
3) LDAP

PAM comes into play in all of these too.

Email me directly if you'd like me to find my old copy of my notes on
how I did my Active Directory Integration for Unix (a.k.a. ADI4U) notes.
I don't even know if the method I used (Samba + winbind) is still a
viable option or not.

--
Grant. . . .
unix || die