PDA

View Full Version : MS AD Authentication: Sudo rights to Linux Admin Group



charl_viljoen
05-May-2015, 06:11
Hi Guys,

I have about 30 odd SUSE Linux Enterprise Server 11 (x86_64) VERSION=11 PATCHLEVEL=3 servers I administer on a day to day basis. I have a test server that I just joined to our MS AD 2012. I want the users to login with their windows credentials. I used the wizard in Yast to join the domain. I would like to give Sudo rights to Linux Admin Group on AD. How would I go about doing that? I did check and I can login but I can run almost no commands. Just the basic stuff.

Hope you all can point me in the right direction.

Thanks!

ab
05-May-2015, 06:36
As a first step, does the group in question show up in the list of groups
that the system recognizes?



getent group



--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

charl_viljoen
05-May-2015, 08:37
It does not look like any group information is populating on the Linux side. The only extra group if I compare it with the other servers is:


winbind:!:115:

I only did the Samba domain join. I did not do LDAP or any other configuration. Would that make a difference? I read that if I configure LDAP that it would need a domain password to be able to access the directory.

I followed the information below to join the server to the domain:

Configuring a Linux Client for Active Directory (https://www.suse.com/documentation/sles11/book_security/data/sec_ad_config.html)

Currently I can login using the following to ssh:


ssh DOMAIN\\user@hostname

When I am logged in I have absolutely no rights when using my AD credentials.