I added something like %MYDOMAIN\\MyLinuxAdminGroup ALL=(ALL) ALL to the
sudoers file via visudo and it works great for the proof of concept I
was trying to achieve. 

-- Frank J. Briguglio | Protiviti Government Solutions
-----Original Message-----
From: Justin Pittman [mailto:jpitt...@likewise.com] 
Sent: Tuesday, April 28, 2009 3:08 PM
To: Briguglio, Frank (10421)
Cc: likewise-open-discuss@lists.likewisesoftware.com
Subject: RE: [Likewise-open-discuss] SUDO Access

Likewise Enterprise has the same functionality as Open for name services.
The users or groups defined in a sudoers file will be resolved to a UID/GID,
and Likewise is defined to resolve usernames and groupnames via AD if they
are not found locally.  (This is the 'passwd files lsass' entry in
nsswitch.conf, and its group counterpart.)  For groups an enumeration of its
members also happens, and Likewise can return the members' UIDs from AD.

As far as AD problems and local administrative backdoors, even if a Likewise
client's connectivity to DCs/DNS collapses, caching is enabled by default.
Locally cached IDs would allow sudo to continue to function.

Justin

-----Original Message-----
From: likewise-open-discuss-boun...@lists.likewisesoftware.com
[mailto:likewise-open-discuss-boun...@lists.likewisesoftware.com] On Behalf
Of Briguglio, Frank (10421)
Sent: Tuesday, April 28, 2009 10:39 AM
To: likewise-open-discuss@lists.likewisesoftware.com
Subject: Re: [Likewise-open-discuss] SUDO Access

Good point.

I did see where I could use a combination of an AD group and the sudoers
file. Is anyone trying this approach? It seems to be the best approach.

 

-- Frank J. Briguglio | Protiviti Government Solutions

________________________________

From: Alan Hatch [mailto:aha...@dollargeneral.com] 
Sent: Tuesday, April 28, 2009 10:34 AM
To: Briguglio, Frank (10421); likewise-open-discuss@lists.likewisesoftware.com
Subject: RE: SUDO Access

 

Frank,

To add to what has already been offered, you can also set your admins up in
a local group and use that group to control access via the sudoers file if
you want more granular access (that is how we manage developer accounts).

Please be aware, however, that your Linux admins won't be able to do their
job if you have AD issues (we maintain local accounts for all
administrators).

 

________________________________

From: likewise-open-discuss-boun...@lists.likewisesoftware.com
[mailto:likewise-open-discuss-boun...@lists.likewisesoftware.com] On Behalf
Of Briguglio, Frank (10421)
Sent: Tuesday, April 28, 2009 9:07 AM
To: likewise-open-discuss@lists.likewisesoftware.com
Subject: [Likewise-open-discuss] SUDO Access

 

I would like to have Linux admins log in with AD credentials and then sudo to
perform advanced administrative tasks. With Likewise Open can I configure
this without modifying the sudoers file? What about Likewise Enterprise?
Thanks in advance.
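
Added example, not part of the original thread: a shell check for the two pieces the replies rely on, the lsass source on the passwd and group lines of nsswitch.conf and a %DOMAIN\\group grant in sudoers. The function names and the sample file contents are constructed for illustration, and the printed getent command is a suggested follow-up to run on the host itself.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are arguments so the checks
# can be run against copies of nsswitch.conf and sudoers.

# nss_has_lsass FILE DB: succeeds if DB's line in FILE lists "lsass" as a source.
nss_has_lsass() {
    awk -v db="$2:" '
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # rest of the line is a comment
                if ($i == "lsass") found = 1
            }
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# sudoers_ad_groups FILE: prints each %DOMAIN\\group principal with the
# sudoers escaping removed (DOMAIN\group), one per line.
sudoers_ad_groups() {
    sed -n 's/^[[:space:]]*%\([^[:space:]]*\)\\\\\([^[:space:]]*\)[[:space:]].*/\1\\\2/p' "$1"
}

# check_sudo_ad NSSWITCH SUDOERS: returns 0 only if passwd and group both use
# lsass and the sudoers file grants at least one AD group.
check_sudo_ad() {
    _rc=0
    for _db in passwd group; do
        nss_has_lsass "$1" "$_db" || { echo "nsswitch: $_db lacks lsass"; _rc=1; }
    done
    _groups=$(sudoers_ad_groups "$2")
    if [ -z "$_groups" ]; then
        echo "sudoers: no AD group entry found"; _rc=1
    else
        printf '%s\n' "$_groups" | while IFS= read -r _g; do
            printf "resolve on the host with: getent group '%s'\n" "$_g"
        done
    fi
    return "$_rc"
}

# Constructed sample files, not taken from any real host.
demo() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' 'passwd: files lsass' 'group: files lsass' > "$_d/nsswitch.conf"
    printf '%s\n' 'root ALL=(ALL) ALL' \
        '%MYDOMAIN\\MyLinuxAdminGroup ALL=(ALL) ALL' > "$_d/sudoers"
    check_sudo_ad "$_d/nsswitch.conf" "$_d/sudoers"; _s=$?
    rm -rf "$_d"
    return "$_s"
}
demo
```

On a real host, call `check_sudo_ad /etc/nsswitch.conf /etc/sudoers` as root; a failure on the group line means sudo cannot resolve the AD group even when the sudoers entry is correct.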

 

 

