Sudo rights of domain (AD) users?
Hello, tell me where the wrong settings are?
AD domain.
The Linux machine is connected to the domain, xrdp is installed, users log in, everything is fine.
The AD user cannot grant sudo rights; the OU in the domain where the users are located is named in Cyrillic (I don't know how bad this is within the framework of this problem?).
The configs are like this:
sssd.conf
[sssd]
domains = domain.ru
default_domain_suffix = domain.ru
config_file_version = 2
services = nss, pam, sudo, ssh
[domain/domain.ru]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = DOMAIN.RU
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = domain.ru
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = simple
%domain.ru\\Сотрудники ALL=(ALL) ALL
As far as I remember, the domain here (in /etc/sudoers.d/domain) has nothing to do with it, add it by groups.
Go to one of the users, run "id", look at the groups and add the relevant ones to /etc/sudoers.d/domain.
By the way, IMHO "use_fully_qualified_names = false" is more convenient in sssd.conf.
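The procedure from the answer above (take the group name exactly as `id` prints it and put it into /etc/sudoers.d/domain), as an added example that is not part of the original thread. The function names are hypothetical, the sample group names are constructed, and the `name@domain.ru` form of `id` output under `use_fully_qualified_names = True` is an assumption.

```shell
#!/bin/sh
# Added example: build a sudoers rule from a group name as `id` reports it.

# Print a user's groups one per line. GNU `id -z` separates names with NUL,
# so group names that contain spaces stay intact.
list_groups() {
    id -Gnz "$1" | tr '\0' '\n'
}

# Escape the characters sudoers treats as special inside a name
# (backslash first, then space ! = : , ( ) ) and emit the rule.
# The rule body "ALL=(ALL) ALL" is the one used in the question.
sudoers_group_rule() {
    [ -n "$1" ] || { echo "empty group name" >&2; return 1; }
    escaped=$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/[ !=:,()]/\\&/g')
    printf '%%%s ALL=(ALL) ALL\n' "$escaped"
}

# Syntax-check a drop-in file before installing it: a broken file under
# /etc/sudoers.d can stop sudo from working for everyone.
check_dropin() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    visudo -cf "$1"
}

# Constructed sample names (assumed form of `id` output, not from the thread):
#   sudoers_group_rule 'сотрудники@domain.ru'
#   sudoers_group_rule 'domain users@domain.ru'
```

Write the chosen rule to a temporary file, run `check_dropin` on it, and only then move it to /etc/sudoers.d/domain with mode 0440.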