Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Enable sudo for Win AD users authenticated with Linux samba winbind service
Operating Systems Linux Enable sudo for Win AD users authenticated with Linux samba winbind service Post 302201967 by will_mike on Tuesday 3rd of June 2008 02:38:25 PM
Old 06-03-2008
Question Enable sudo for Win AD users authenticated with Linux samba winbind service
Hi everyone,

I wonder if anyone ever came across the idea of unifying AD and Linux user accounts
We have a Linux machine with 'samba' 'winbind' service configured to let Windows AD users to logon locally using their AD accounts and passwords.
I can use 'su' to get to the local user privilege level, but it would be nice to have the same AD account be able to use sudo commands, but not rely on local Linux account password 'su' based on. Is any way to grant these Windows AD users certain permissions to run certain commands on the Linux machine using sudo(ers) and use only AD account passwords. I see a big security advantage of doing this in companies with heterogeneous OS.
[DEVDOM\test@rh4sandbox2 ~]$ sudo -l
Password:
Sorry, user DEVDOM\test may not run sudo on rh4sandbox2.

I tried to add the user to sudoers but any time I check if sudo works for the user it brings error in /var/log/messages
Jun 2 16:41:09 rh4sandbox2 sudo(pam_unix)[683]: authentication failure; logname=DEVDOM\test uid=0 euid=0 tty=pts/3 ruser= rhost= user=DEVDOM\test



there should be two backslashes \\ after domain name DEVDOM\\test

the question closed
Last edited by will_mike; 06-10-2008 at 06:40 PM.. Reason: found the solution
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Using Samba to join a win 2000 Domain

I am trying to set samba up to join my windows 2000 domain and I am having troubles If anyone if familiar with this help would be greatly appreciated I issue the following command # ./smbpasswd -j DOMAIN -r DOMAINCONTROLER And the following gets returned load_client_codepage: filename... (4 Replies)
Discussion started by: gennaro
4 Replies

2. Cybersecurity

How to enable samba login for administrator

Hi all, I am trying to enable samba access to administrator. I have added the user, but i am not able to login as administrator. But for other users i am able to login. Can anyone help me out in fixing this. Thank You in advance. (1 Reply)
Discussion started by: kymthasneem
1 Replies

3. Solaris

Re:How to enable samba services on solaries8 machine

Hi all, can any one guide me to configure samba services on solaries8 machine and how to use at the client side (i,e) how the client can retrive the data using samba services. Thanks venky (2 Replies)
Discussion started by: venky_vemuri
2 Replies

4. SCO

Authentication problems with Active Directory/Samba/Winbind/Pam

Hi all. I'm having real trouble authenticating users against active directory for my SCO UnixWare 7.1.4 box running samba 3.0.24 (installed via Maintenance pack 4). I can list AD users/groups (after overcoming several hiccups) with wbinfo -g / wbinfo -u. I can use id to get a view an ad user ie:... (0 Replies)
Discussion started by: silk600
0 Replies

5. Web Development

Apache - redirecting authenticated users to other sites

Hi everyone. Im really new here, so please have patience with me if i act out of order in any way. I do have some unix experience, but i would not call it extensive. The problem i am about to describe probably have a easy solution, but i have been unable to find it while speaking to Mr.Google... (4 Replies)
Discussion started by: antiw2k3
4 Replies

6. Red Hat

Winbind and pam - restrict all services except for samba access

Hi, I have recently taken control of a number of RHEL5.3 servers that have samba shares setup on them and are authenticating using pam and winbind. My issue is that any user that has an active directory account can currently log in to the linux boxes using their ad credentials. I need to... (0 Replies)
Discussion started by: klyne
0 Replies

7. Red Hat

Samba/Winbind issue - Can't get user and group info from sub domains

Hi, We now have a Samba or Winbind issue. The Linux client under RHEL6 can not get Windows' AD sub-domain info. See the following output please. The main domain 'Global' is shown online, but the sub-domain 'Europe' and 'Asia' are shown offline although they are online. Commands 'wbinfo -u' and... (0 Replies)
Discussion started by: aixlover
0 Replies

8. AIX

Samba 3.6.22 on AIX 7.1 with Windows AD (Kerberos and winbind)

Hi all, I have installed samba 3.6.22 on AIX 7.1 and join a windows AD with success. All seem to work fine, I have configured smb.conf, methods.cfg, kerberos, user .... the following command work fine wbinfo -u, wbinfo -g, wbinfo -i, wbinfo -s, wbinfo -S, lsuser, id... The unique... (20 Replies)
Discussion started by: PhilippeA
20 Replies

LEARN ABOUT CENTOS

pam_timestamp

PAM_TIMESTAMP(8)						 Linux-PAM Manual						  PAM_TIMESTAMP(8)

NAME

       pam_timestamp - Authenticate using cached successful authentication attempts

SYNOPSIS

       pam_timestamp.so [timestamp_timeout=number] [verbose] [debug]

DESCRIPTION

       In a nutshell, pam_timestamp caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for
       authentication. This is similar mechanism which is used in sudo.

       When an application opens a session using pam_timestamp, a timestamp file is created in the timestampdir directory for the user. When an
       application attempts to authenticate the user, a pam_timestamp will treat a sufficiently recent timestamp file as grounds for succeeding.

OPTIONS

       timestamp_timeout=number
	   How long should pam_timestamp treat timestamp as valid after their last modification date (in seconds). Default is 300 seconds.

       verbose
	   Attempt to inform the user when access is granted.

       debug
	   Turns on debugging messages sent to syslog(3).

MODULE TYPES PROVIDED

       The auth and session module types are provided.

RETURN VALUES

       PAM_AUTH_ERR
	   The module was not able to retrieve the user name or no valid timestamp file was found.

       PAM_SUCCESS
	   Everything was successful.

       PAM_SESSION_ERR
	   Timestamp file could not be created or updated.

NOTES

       Users can get confused when they are not always asked for passwords when running a given program. Some users reflexively begin typing
       information before noticing that it is not being asked for.

EXAMPLES

	   auth sufficient pam_timestamp.so verbose
	   auth required   pam_unix.so

	   session required pam_unix.so
	   session optional pam_timestamp.so

FILES

       /var/run/sudo/...
	   timestamp files and directories

SEE ALSO

       pam_timestamp_check(8), pam.conf(5), pam.d(5), pam(8)

AUTHOR

       pam_timestamp was written by Nalin Dahyabhai.

Linux-PAM Manual						    09/19/2013							  PAM_TIMESTAMP(8)
All times are GMT -4. The time now is 08:10 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy