LDAP sudoers / Active Directory / SLES 10



landism
01-Aug-2012, 09:32
Hi All,

I'm trying to set up LDAP based sudoers via AD and have had some success doing so, but have run into a problem with passwords. I have successfully extended the Active Directory schema and put in some testing sudoRole entries, which work fine. However, when I come to run any command, e.g. sudo -l, it will prompt for my password 3 times and not accept the password. SSH uses AD for auth and this works ok. If I add the sudo option to say bypass authentication into AD the sudo itself works fine.

getent groups/passwd return the expected output, although the password for Linux enabled users is the default ABCD!efgh12345$67890 which is weird.

Can anyone suggest any pointers at where to look? SSH auth is handled by LDAP to AD over TLS. Happy to provide examples of my ldap.conf and PAM files if necessary

Many Thanks

Automatic reply
09-Aug-2012, 13:30
landism,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.suse.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.suse.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your SUSE Forums Team
http://forums.suse.com

Magic31
11-Aug-2012, 12:14
Hi All,

I'm trying to set up LDAP based sudoers via AD and have had some success doing so, but have run into a problem with passwords. I have successfully extended the Active Directory schema and put in some testing sudoRole entries, which work fine. However, when I come to run any command, e.g. sudo -l, it will prompt for my password 3 times and not accept the password. SSH uses AD for auth and this works ok. If I add the sudo option to say bypass authentication into AD the sudo itself works fine.

getent groups/passwd return the expected output, although the password for Linux enabled users is the default ABCD!efgh12345$67890 which is weird.

Can anyone suggest any pointers at where to look? SSH auth is handled by LDAP to AD over TLS. Happy to provide examples of my ldap.conf and PAM files if necessary


This is something way beyond what I've ever configured, but as a pointer this might help (if you have not already seen it): http://www.gratisoft.us/sudo/readme_ldap.html

-Willem