PDA

View Full Version : [ubuntu] Domain user into sudoers



faust_
July 23rd, 2008, 12:41 PM
Hi!
I'm using ubuntu server edition. And connecting to windows domain using Likewise open, but I can't use domain user as sudoer. I have added domain user into sudoers (using visudo):
domain\user ALL=(ALL) ALL
but when I use

sudo some command
it tells that user is not in sudoers list..

Help!

jdavis
July 23rd, 2008, 01:37 PM
The following post makes reference to using two slashes rather than one in sudoers.

so try:
domain\\user ALL=(ALL) ALL

rather than:
domain\user ALL=(ALL) ALL

http://lists.likewisesoftware.com/pipermail/likewise-open-discuss/2008-February/000116.html

faust_
July 24th, 2008, 07:51 AM
The following post makes reference to using two slashes rather than one in sudoers.

so try:
domain\\user ALL=(ALL) ALL

rather than:
domain\user ALL=(ALL) ALL

http://lists.likewisesoftware.com/pipermail/likewise-open-discuss/2008-February/000116.html

that doesn't helped.. :(
he writes that user is not in sudoers list

jcbwalsh
August 7th, 2008, 10:05 PM
I had the same problem and using the \\ worked perfectly for me.

likeWiseGuy
October 2nd, 2008, 01:30 AM
that doesn't helped.. :(
he writes that user is not in sudoers list

Hi faust.

Are you still seeing this issue with sudoers? The recommended approach of using "\\" instead of "\" should do the trick for you. If it doesn't, let me know and maybe I can assist.

Thanks.

mdarden
October 27th, 2008, 03:01 PM
likeWiseGuy,

I would like to do something similar, and have seen success with Domain\\username, but I need help with groups. For example, I'd like all Domain Users to have sudo rights. How do I do that?


Thanks,
Marcus

mdarden
October 27th, 2008, 07:39 PM
I figured it out!!

%DOMAIN\\domain^users ...

masterJanky
February 5th, 2009, 04:35 PM
Does this only work on Domain Users? I tried to throw the Domain Admins group in there, but no dice. Anybody come across this?

brian mcgee
February 15th, 2009, 07:58 AM
Does this only work on Domain Users? I tried to throw the Domain Admins group in there, but no dice. Anybody come across this?

Domain admins group works fine for me. Add:


%DOMAIN\\domain^admins ALL=(ALL) ALLAlso, if you added:


winbind use default domain = yesTo


/etc/samba/lwiauthd.confYou should be able to add a domain user as a sudoer by adding this to your sudoers file:


USER ALL=(ALL) ALLI don't need the "DOMAIN\\" prefix

pwebster25
April 10th, 2009, 12:21 AM
Also, if you added:


winbind use default domain = yesTo


/etc/samba/lwiauthd.conf
If I do this will I be able to login to the machine itself or just into the domain? What if I am working offline?

Can I get the computer to adopt the user rights that are established on the domain?

brian mcgee
April 12th, 2009, 01:54 AM
Also, if you added:


winbind use default domain = yesTo


/etc/samba/lwiauthd.confIf I do this will I be able to login to the machine itself or just into the domain? What if I am working offline?

Can I get the computer to adopt the user rights that are established on the domain?

You can still login with local accounts even with that change to /etc/samba/lwiauthd.conf -- if the domain controller can't be reached, the computer will used cached credentials if that user has ever successfully logged into that computer. I'm not sure I'm 100% clear on your question about user rights, but domain users can access samba shares (for example) with the same permissions their domain account is granted. Specifically, what are you wondering about?

Crinos512
September 5th, 2009, 10:48 PM
I have a laptop set up on a domain with the %DOMAIN\\domain^admins ALL=(ALL) ALL in the visudo file.

Every thing works great! ...but whenever I take it home with me (ie. off the domain) I loose sudo rights.

(I currently get around this by using ssh to access the local machine as the local admin.)

Any ideas how I can fix this?

:popcorn:

brian mcgee
October 6th, 2009, 12:38 AM
I have a laptop set up on a domain with the %DOMAIN\\domain^admins ALL=(ALL) ALL in the visudo file.

Every thing works great! ...but whenever I take it home with me (ie. off the domain) I loose sudo rights.

(I currently get around this by using ssh to access the local machine as the local admin.)

Any ideas how I can fix this?

Not sure, maybe add the user to the sudoers file:


username ALL=(ALL) ALL

windowsconvert09
August 2nd, 2011, 10:06 PM
I had the same problem and using the \\ worked perfectly for me.

Same here! Thanks!

linuxnoob09
November 15th, 2011, 12:09 AM
Maybe someone can help, I have had this same type of problem and have tried every conceivable combination to fix it.

Let's say I connect with a domain account

corp\me

The full domain name is corp.xxxxx.com

I really only want the corp\me account to have sudo rights. I have tried seemingly every combination within visudo to make this happen, where am I going wrong? Using 11.10 and connecting to domain with Centrify, although I am pretty sure that shouldn't matter in regard to this.

Do I add the user directly under the admin heading in visudo, to the end of the file???

chucktryon
April 5th, 2013, 07:36 PM
We're on a large, distributed domain with multiple sites. I've successfully joined the domain, but I can't just use "domain^admins" for the group name. For reasons I won't try to go into here, our group names all have code for the office appended, like: "it admins (us)". I understand using "^" for spaces, but is there a way to enter the "()" characters? I tried the obvious "\(us\)", which doesn't give me a parsing error, but still doesn't work... :-(