[sudo-workers] sudo and pam_winbind
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jul 23 14:41:47 MDT 2015
On Thu, 23 Jul 2015 20:10:06 +0100, Phil Lello wrote:
> The failing commands are sudo -i and sudo <anything>:
>
> DUNLOP-LELLO\phil at inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$ sudo -i
> [sudo] password for DUNLOP-LELLO\phil:
> DUNLOP-LELLO\phil is not in the sudoers file. This incident will be
> reported.
> DUNLOP-LELLO\phil at inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$ sudo ls
> [sudo] password for DUNLOP-LELLO\phil:
> DUNLOP-LELLO\phil is not in the sudoers file. This incident will be
> reported.
> DUNLOP-LELLO\phil at inferno:~/src/misc/sudo-1.8.9p5/plugins/sample$
>
> The winbind pam modules allow my user to be referred to as either phil or
> DUNLOP-LELLO\phil - it may be that the backslash is getting treated as an
> escape character in some cases.
The backslash could be a problem. You'll probably need to double
the blackslash in your sudoers entries. E.g.
DUNLOP-LELLO\\phil ALL = ALL
If you add the following to /etc/sudo.conf:
Debug sudo /var/log/sudo_debug debug at match
You should be able to see what is being matched.
- todd
More information about the sudo-workers
mailing list