[sudo-users] sudoers in Active Directory

Cheryl Kiras ckiras at mtholyoke.edu
Thu Feb 10 07:13:51 MST 2022


We are using sudoerRoles in Active Directory with user groups and computer
groups... it seems that Linux will recognize ALL or a single HOST name, but
can't resolve a group of HOSTS within AD.


Cheryl Kiras
Systems Administrator
Mount Holyoke College




On Wed, Feb 9, 2022 at 7:23 PM Grant Taylor via sudo-users <
sudo-users at sudo.ws> wrote:

> On 2/9/22 2:18 PM, Cheryl Kiras wrote:
> > what are we missing???
>
> I'd have to find, then dig out, notes from 8-10 years ago.  I put
> together a solution using Samba (winbind) wherein Linux / AIX / Solaris
> could get user & group information from AD.  Then Sudo simply saw groups
> the same way that /etc/groups (et al.) worked.
>
> > If anyone has successfully configured AD to work with Ubuntu for sudo
> > access, please share the details.  thank you
>
>  From memory, sudo was actually a very small part of the work effort.
> How you interconnect Linux and AD is EXTREMELY critical to this
> discussion.  So much so that I don't think it's even possible to have
> more than a 1,000 (or higher) foot discussion of the task at hand.
>
> I see it as there are three main ways to do the integration, each of
> which has different configuration requirements for sudo.
>
> 1) Samba with winbind
> 2) Samba without winbind
> 3) LDAP
>
> PAM comes into play in all of these too.
>
> Email me directly if you'd like me to find my old copy of my notes on
> how I did my Active Directory Integration for Unix (a.k.a. ADI4U) notes.
>   I don't even know if the method I used (Samba + winbind) is still a
> viable option or not.
>
>
>
> --
> Grant. . . .
> unix || die

