What:
Linux server - Debian, Ubuntu, Red Hat, SLES
Problem:
You want to give members of Active Directory group "Domain Admins" the ability to run commands as root using the sudo command.
Solution:
1. Log on to your linux server as root.
2. Use visudo command to edit /etc/sudoers file
visudo3. Add the following line at the bottom
%DOMAIN\\domain\ admins ALL=(ALL) ALLor
%DOMAIN\\domain^admins ALL=(ALL) ALL
With Likewise (re-branded to PowerBroker) you can configure to assume default domain:
AssumeDefaultDomain trueIf you have done it then skip DOMAIN.
%domain^admins ALL=(ALL) ALL
Make sure to escape spaces in group names with backslashes or use caret sign instead "^".
To check group membership for a user use "id" i.e.
id administrator
In this example I assume you can already log on with your domain credentials.
No comments:
Post a Comment