Glenn Bailey
2008-Apr-23 18:02 UTC
[Samba] nested groups not working with sudo and winbind
Howdy folks, I'm having an issue with sudo not recognizing nested groups via AD and winbind. I have an AD group called UnixAdmins and when I ad and AD account *directly* into this group, I am able to use sudo just fine as it is in the sudoers. *but* say I have a nested group in UnixAdmins like CustomerUsers or whatnot it won't recognize. Now, I also restrict access via pam.d systems-auth to UnixAdmins, so I know that part it working. Also, when I run and "id" it shows the proper groups. It's just seems sudo won't recognize the nested groups :-( Anyone run into this issue before? It's gonna be an admin nightmare just to populate UnixAdmins with individual accounts .. Glenn E. Bailey III terremark worldwide
Gerald (Jerry) Carter
2008-Apr-23 18:40 UTC
[Samba] nested groups not working with sudo and winbind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Bailey wrote:> Howdy folks, > > I'm having an issue with sudo not recognizing nested groups > via AD and winbind. I have an AD group called UnixAdmins and > when I ad and AD account *directly* into this group, I am able > to use sudo just fine as it is in the sudoers. *but* say I > have a nested group in UnixAdmins like CustomerUsers or whatnot > it won't recognize. Now, I also restrict access via pam.d systems-auth > to UnixAdmins, so I know that part it working. Also, when I run > and "id" it shows the proper groups. It's just seems sudo won't > recognize the nested groups :-( > > Anyone run into this issue before? It's gonna be an admin nightmare > just to populate UnixAdmins with individual accounts ..This was fixed in the upcoming 3.2 release. See the "winbind expand groups" option. cheers, jerry - -- ====================================================================Samba ------- http://www.samba.org Likewise Software --------- http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFID4KqIR7qMdg1EfYRAgt2AJ93S4Ui1BCaODky99o5QOj9YHUE9gCg4fVD w69AwDShdPp6xQGFeZmTUSA=Nu+h -----END PGP SIGNATURE-----