Linux – Sudo Access for Active Directory Groups

Tags: active-directory, linux, sssd, sudo

I have my Linux machine connected to AD but I am unable to get sudo privileges. I can sign on using AD credentials, but sudo doesn't work.

I have looked at everything I can find and everyone says to add the following to the sudoers file:

%MYDOMAIN\mygroup ALL=(ALL)ALL

When I do this and try to sudo it responds:

myusername is not in the sudoers file. This incident will be reported.

Might the problem be that the AD domain/group is not listed in the group or passwd file? If so, how can I add it?

Best Answer

https://unix.stackexchange.com/questions/150476/allow-ad-groups-to-sudo may help:

winbind and sssd import the AD groups in an equivalent manner to NIS netgroups. So your group definitions in the /etc/sudoers file need to start with + and not %. Furthermore, names containing spaces should either be double-quoted, or each space specified as \x20.

%sudo              ALL = (ALL) ALL
+"domain users"    ALL = (ALL) ALL
+domain\x20admins  ALL = (ALL) NOPASSWD: ALL
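
A small review helper for entries like the ones above, added here as an illustration and not part of the original question or answer. It classifies the principal by its prefix (`%` for a Unix group, `+` for a netgroup), decodes `\x20`-style escapes so the real group name is visible, and flags two things worth catching before a file reaches `/etc/sudoers`: a name whose space was left unquoted, and `NOPASSWD:` grants. The function name `check_entry` and the host-list heuristic are assumptions of this example.

```python
import re

# Leading character of a sudoers principal -> how sudo looks the name up.
KINDS = {"%": "unix-group", "+": "netgroup", "": "user"}
ENTRY = re.compile(
    r'^(?P<prefix>[%+]?)'
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>(?:\\.|[^\s\\=])+))'
    r'\s*(?P<rest>.*)$'
)
HEX_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})')


def check_entry(line):
    """Classify one sudoers user-specification line and list review findings."""
    m = ENTRY.match(line.strip())
    if not m:
        return {"kind": None, "name": None, "findings": ["unparseable"]}
    if m.group("quoted") is not None:
        name = m.group("quoted")
    else:
        # Decode \x20-style escapes; any other backslash is left as written.
        name = HEX_ESCAPE.sub(lambda h: chr(int(h.group(1), 16)), m.group("bare"))
    findings = []
    hosts, sep, spec = m.group("rest").partition("=")
    if not sep:
        findings.append("no '=' found: not a user specification")
    else:
        # Heuristic (assumption of this example): host tokens that are not
        # comma-joined usually mean a bare space split the group name.
        tokens = hosts.split()
        if any(not t.endswith(",") for t in tokens[:-1]):
            findings.append("possible unquoted space in name")
        if "NOPASSWD:" in spec:
            findings.append("NOPASSWD: no re-authentication before sudo")
    return {"kind": KINDS[m.group("prefix")], "name": name, "findings": findings}


# Lines from the page, plus one constructed line with the space left bare.
SAMPLES = [
    r'%MYDOMAIN\mygroup ALL=(ALL)ALL',
    r'%sudo              ALL = (ALL) ALL',
    r'+"domain users"    ALL = (ALL) ALL',
    r'+domain\x20admins  ALL = (ALL) NOPASSWD: ALL',
    r'+domain users      ALL = (ALL) ALL',  # constructed: space not escaped
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_entry(sample))
```

This only inspects syntax; `visudo -c` remains the authoritative check that an edited sudoers file parses.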