Adding Active directory group to sudoers not working

DillonHansen
Posts: 2
Joined: 2016/11/18 22:41:07

Adding Active directory group to sudoers not working

Post by DillonHansen » 2016/11/18 23:02:33

Hi everyone, I hope I can get some help on this issue because it's driving me crazy...

Goal: I want members of an Active Directory group to be able to log in and have access to run sudo commands.
OS: running CentOS7
AD functional level: 2008R2
Name of AD group to give sudo access to: linuxadmins

What is working so far...
I can login as any AD user to the CentOS7 server.
I can get the membership of an AD user on the CentOS7 box.

What is not working so far...
When I attempt to run "sudo setup" as any AD user that is a member of linuxadmins, I get a message that says "Sorry, user DOMAIN\username may not run sudo on SERVERNAME"

What has been attempted to give sudo rights to linuxadmins...
In the terminal I ran visudo to edit the sudoers file.
I tried everything under the sun to get this to work...
Below are the entries I have tried:
%DOMAIN\\linuxadmins ALL=(ALL) ALL
+DOMAIN\\linuxadmins ALL=(ALL) ALL
%DOMAIN.com\\linuxadmins ALL=(ALL) ALL
+DOMAIN.com\\linuxadmins ALL=(ALL) ALL
%linuxadmins ALL=(ALL) ALL
+linuxadmins ALL=(ALL) ALL
linuxadmins ALL=(ALL) ALL

I have a feeling I'm missing another step somewhere but I have no idea where the h3ll it is....
I've spent all day googling/reading forums/youtubing and it's all the same stuff that I have tried that does not work... I really want to use CentOS7 in our environment but this really needs to work before that happens...

consuman
Posts: 8
Joined: 2016/11/20 00:44:38

Re: Adding Active directory group to sudoers not working

Post by consuman » 2016/11/20 12:52:22

Hi :)

Have u tried to add users to the "wheel" group?

# usermod -a -G wheel YourUsername

Maybe I get u wrong with the "active directory" stuff, don't know if it's something special, but this way we get sudoers to work on CentOS 7.
Only in CentOS 6.x editing the sudoers file was necessary.

Peace

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Adding Active directory group to sudoers not working

Post by TrevorH » 2016/11/20 13:31:48

If you run id $username against one of the users that should be in that group, does it list the group in question?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

DillonHansen
Posts: 2
Joined: 2016/11/18 22:41:07

Re: Adding Active directory group to sudoers not working

Post by DillonHansen » 2016/11/20 17:38:54

I found out how to make it work! If I edit the sudoers file and add the group like this: linuxadmins@DOMAIN.COM it will work.
I also noticed that only AD users that are direct members of linuxadmins will work; group nesting does not. For example, if I make domain admins a member of linuxadmins and a user that is a member of domain admins tries to log in, it won't work.
I hope this information helps others!

lg20
Posts: 1
Joined: 2017/12/08 14:33:02

Re: Adding Active directory group to sudoers not working

Post by lg20 » 2017/12/08 14:36:25

DillonHansen, what did you edit in the sudoers file? I'm new to this and trying to do something very similar to what you were.

slashnull
Posts: 3
Joined: 2014/06/20 15:01:54

Re: Adding Active directory group to sudoers not working

Post by slashnull » 2017/12/19 16:20:21

Just in case someone finds this in a Google search like myself, the change to get it working for myself in the sudoers file was as follows:

%wheel@ ALL=(ALL)       ALL
to

%wheel@MYDOMAIN.COM ALL=(ALL)       ALL
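
Added example, not part of any post in this thread: a POSIX shell helper that combines TrevorH's `id` check with the finding that sudoers must use the group name in the form the system reports it. The sample `id` output, the user `jdoe` and the function names are constructed for illustration; escaping of spaces and backslashes follows sudoers syntax.

```shell
#!/bin/sh
# Constructed sample of `id jdoe@domain.com` output on an AD-joined host.
SAMPLE_ID='uid=1127801105(jdoe@domain.com) gid=1127800513(domain users@domain.com) groups=1127800513(domain users@domain.com),1127801120(linuxadmins@domain.com)'

# list_groups ID_OUTPUT
# Prints one group name per line, exactly as NSS reports it (spaces kept).
list_groups() {
    printf '%s\n' "$1" |
        sed -e 's/^.*groups=//' -e 's/ context=.*$//' |
        tr ',' '\n' |
        sed -e 's/^[0-9]*(//' -e 's/)$//'
}

# sudoers_rule ID_OUTPUT SHORT_NAME
# Prints the sudoers line for SHORT_NAME using the full reported group name.
# Returns 1 if the user is not reported as a member: sudo would not match
# a %group rule for that user either.
sudoers_rule() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    match=
    # A here-document keeps the loop in the current shell so $match survives.
    while IFS= read -r name; do
        short=${name%@*}       # drop an "@realm" suffix, if present
        short=${short##*\\}    # drop a "DOMAIN\" prefix, if present
        short=$(printf '%s' "$short" | tr '[:upper:]' '[:lower:]')
        if [ "$short" = "$want" ]; then
            match=$name
            break
        fi
    done <<EOF
$(list_groups "$1")
EOF
    if [ -z "$match" ]; then
        return 1
    fi
    # sudoers syntax: backslashes and spaces inside a name must be escaped.
    escaped=$(printf '%s' "$match" | sed -e 's/\\/\\\\/g' -e 's/ /\\ /g')
    printf '%%%s ALL=(ALL) ALL\n' "$escaped"
}

# Demo on the constructed sample; on a real host pass "$(id someuser)".
sudoers_rule "$SAMPLE_ID" linuxadmins
```

Write the printed line to a file under /etc/sudoers.d/ and check it with `visudo -cf` on that file before relying on it.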
