Hi everyone,
I wonder if anyone ever came across the idea of unifying AD and Linux user accounts
We have a Linux machine with 'samba' 'winbind' service configured to let Windows AD users to logon locally using their AD accounts and passwords.
I can use 'su' to get to the local user privilege level, but it would be nice to have the same AD account be able to use sudo commands, but not rely on local Linux account password 'su' based on. Is any way to grant these Windows AD users certain permissions to run certain commands on the Linux machine using sudo(ers) and use only AD account passwords. I see a big security advantage of doing this in companies with heterogeneous OS.
[DEVDOM\test@rh4sandbox2 ~]$ sudo -l
Password:
Sorry, user DEVDOM\test may not run sudo on rh4sandbox2.
I tried to add the user to sudoers but any time I check if sudo works for the user it brings error in /var/log/messages
Jun 2 16:41:09 rh4sandbox2 sudo(pam_unix)[683]: authentication failure; logname=DEVDOM\test uid=0 euid=0 tty=pts/3 ruser= rhost= user=DEVDOM\test
there should be two backslashes \\ after domain name DEVDOM\\test
the question closed