Question

8

Add AD Domain user to sudoers from the command line

rated 0 times [ 8] [ 0] / answers: 1 / hits: 118384 / 3 Years ago, mon, july 5, 2021, 2:06:00

I'm setting up an Ubuntu 11.04 server VM for use as a database server. It would make everyone's lives easier if we could have folks login using windows credentials and perhaps even make the machine work with the current AD-driven security we've got elsewhere.

The first leg of this was really easy to accomplish -- apt-get install likewise-open and I was pretty much in business. The problem I'm having is getting our admins into the sudoers groups -- I can't seem to get anything to take. I've tried:

a) usermod -aG sudoers [username]

b) adding the user names in several formats (DOMAINuser, user@domain) to the sudoers file.

None of which seemed to take, I still get told "DOMAINuser is not in the sudoers file. This incident will be reported."

So, how do I add non-local users to the sudoers?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

pilun

Add To Favorites

Follow

Total Points: 270

Total Questions: 100

Total Answers: 94

Location: England

Member since Sat, Feb 13, 2021

3 Years ago

answered 3 Years ago theurn · Accepted Answer

I encounter this problem and here's my solution:

Edit /etc/sudoers: with the following entries

First check aduser using command id

#id <AD user>( #id domainaduser01 )

Results on mine:

SMBaduser01@linux01:~/Desktop$ id smbaduser02

uid=914883676(SMBaduser02) gid=914883073(SMBdomain^users) groups=914883073(SMBdomain^users),1544(BUILTINAdministrators),1545(BUILTINUsers),914883072(SMBdomain^admins)

getent passwd and gid NUMBERS doesn't work for me. DOMAINdomain^users works for me

%SMBdomain^users ALL=(ALL) ALL

as we all know individual AD user works also

SMB<aduser01> ALL=(ALL) ALL