[lug] sudo, pam, and SuSE 10.2
blug-mail at duboulder.com
Wed Feb 7 21:38:40 MST 2007
Andrew Diederich wrote:
> I've just installed SuSE 10.2, and configured it to use PAM against my
> active directory server, so I could try and remember just _one_ set of
> passwords. That was great right out of the box -- it made a machine
> account on the domain, I can login with "domain\windows.username", it
> creates a home directory for me, it's all good.
> What I can't do is get sudo to work. Sudo just can't seem to identify
> who I am. I've tried about everything I can think of, but just
> haven't gotten it. Has anyone else made this go?
Haven't done any AD authentication.
What Linux account is the AD account getting mapped to when
you log in? Try the id command to see.
Do you have files in /etc/pam.d related to sudo? If so they will
have info about restrictions (such as needing to be a
member of wheel for example).
> My sudoers file:
> DOMAIN\windows.username ALL=(ALL) ALL
> domain\windows.username ALL=(ALL) ALL
> domain/windows.username ALL=(ALL) ALL
> windows.username ALL=(ALL) ALL
> %Domain\ windows.username ALL=(ALL) ALL
> %Domain\windows.username ALL=(ALL) ALL
> The error I get is "DOMAIN\windows.username is not in the sudoers
> file. This incident will be reported."
> I did turn off the evil SuSE targetpw default, where you need to know
> the target's password to run sudo. Why they think it's a good idea, I
> have no clue.