[lug] sudo, pam, and SuSE 10.2

Andrew Diederich andrewdied at gmail.com
Wed Feb 7 16:07:46 MST 2007

I've just installed SuSE 10.2, and configured it to use PAM against my
active directory server, so I could try and remember just _one_ set of
passwords.  That was great right out of the box -- it made a machine
account on the domain, I can login with "domain\windows.username", it
creates a home directory for me, it's all good.

What I can't do is get sudo to work.  Sudo just can't seem to identify
who I am.  I've tried about everything I can think of, but just
haven't gotten it.  Has anyone else made this go?

My sudoers file:
DOMAIN\windows.username ALL=(ALL) ALL
domain\windows.username ALL=(ALL) ALL
domain/windows.username ALL=(ALL) ALL
windows.username        ALL=(ALL) ALL
%Domain\ windows.username       ALL=(ALL) ALL
%Domain\windows.username        ALL=(ALL) ALL

The error I get is "DOMAIN\windows.username is not in the sudoers
file. This incident will be reported."

I did turn off the evil SuSE targetpw default, where you need to know
the target's password to run sudo.  Why they think it's a good idea, I
have no clue.

Best regards,
 Andrew Diederich

More information about the LUG mailing list