[sudo-workers] sudo and pam_winbind

Todd C. Miller Todd.Miller at courtesan.com
Thu Jul 23 14:41:47 MDT 2015


On Thu, 23 Jul 2015 20:10:06 +0100, Phil Lello wrote:

> The failing commands are sudo -i and sudo <anything>:
> 
> DUNLOP-LELLO\phil@inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$ sudo -i
> [sudo] password for DUNLOP-LELLO\phil:
> DUNLOP-LELLO\phil is not in the sudoers file.  This incident will be
> reported.
> DUNLOP-LELLO\phil@inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$ sudo ls
> [sudo] password for DUNLOP-LELLO\phil:
> DUNLOP-LELLO\phil is not in the sudoers file.  This incident will be
> reported.
> DUNLOP-LELLO\phil@inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$
> 
> The winbind pam modules allow my user to be referred to as either phil or
> DUNLOP-LELLO\phil - it may be that the backslash is getting treated as an
> escape character in some cases.

The backslash could be a problem.  You'll probably need to double
the backslash in your sudoers entries.  E.g.

DUNLOP-LELLO\\phil	ALL = ALL

If you add the following to /etc/sudo.conf:

Debug sudo /var/log/sudo_debug match@debug

You should be able to see what is being matched.

 - todd

