Add AD Domain user to sudoers from the command line
I'm setting up an Ubuntu 11.04 server VM for use as a database server. It would make everyone's lives easier if we could have folks log in using Windows credentials and perhaps even make the machine work with the current AD-driven security we've got elsewhere.
The first leg of this was really easy to accomplish -- apt-get install likewise-open and I was pretty much in business. The problem I'm having is getting our admins into the sudoers groups -- I can't seem to get anything to take. I've tried:
a) usermod -aG sudoers [username]
b) adding the user names in several formats (DOMAIN\user, user@domain) to the sudoers file.
None of which seemed to take; I still get told "DOMAIN\user is not in the sudoers file. This incident will be reported."
So, how do I add non-local users to the sudoers?
Solution 1:
I encountered this problem and here's my solution:
Edit /etc/sudoers with the following entries.
First check the AD user using the id command:
#id <AD user> ( #id domain\\aduser01 )
Results on mine:
SMB\aduser01@linux01:~/Desktop$ id smb\\aduser02
uid=914883676(SMB\aduser02) gid=914883073(SMB\domain^users) groups=914883073(SMB\domain^users),1544(BUILTIN\Administrators),1545(BUILTIN\Users),914883072(SMB\domain^admins)
getent passwd and gid NUMBERS don't work for me. DOMAIN\\domain^users works for me:
%SMB\\domain^users ALL=(ALL) ALL
As we all know, an individual AD user works also:
SMB\\<aduser01> ALL=(ALL) ALL
Solution 2:
We have a long domain name with a .local suffix, and neither the
%domainname\\group ALL=(ALL) ALL
nor the
%domainname.local\\group ALL=(ALL) ALL
worked...
but if I only use the groupname like this:
%Domain^Admins ALL=(ALL) ALL
it works.
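The step both answers rely on, reading the group name from id and writing it into a sudoers rule with the backslash doubled, as an added example that is not part of either answer. The function names are hypothetical and the sample id line is constructed in the format shown in Solution 1; mode "qualified" gives the Solution 1 form and "short" the Solution 2 form.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Constructed sample `id`
# output in the format shown in Solution 1.
SAMPLE_ID='uid=914883676(SMB\aduser02) gid=914883073(SMB\domain^users) groups=914883073(SMB\domain^users),1544(BUILTIN\Administrators),1545(BUILTIN\Users),914883072(SMB\domain^admins)'

# Print each group name from the groups= field of `id` output, one per line.
id_groups() {
    printf '%s\n' "$1" \
        | sed -n 's/.*groups=\([^ ]*\).*/\1/p' \
        | tr ',' '\n' \
        | sed -n 's/^[0-9]*(\(.*\))$/\1/p'
}

# sudoers treats a backslash as an escape character, so double each one.
sudoers_escape() {
    printf '%s\n' "$1" | sed 's/\\/\\\\/g'
}

# sudoers_rule ID_OUTPUT GROUP MODE
# Emit a rule for GROUP only if ID_OUTPUT lists it (case-insensitive match),
# spelled the way `id` reports it. MODE "short" drops the DOMAIN\ prefix.
sudoers_rule() {
    match=$(id_groups "$1" | grep -i -F -x -- "$2" | head -n 1)
    [ -n "$match" ] || return 1
    case "$3" in
        short) name=${match##*\\} ;;
        *)     name=$match ;;
    esac
    printf '%%%s ALL=(ALL) ALL\n' "$(sudoers_escape "$name")"
}

# Syntax-check one rule in a scratch file before it goes into /etc/sudoers.
check_rule() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    rc=0
    visudo -c -f "$tmp" >/dev/null 2>&1 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on the constructed sample: one rule per form.
sudoers_rule "$SAMPLE_ID" 'smb\Domain^Admins' qualified
sudoers_rule "$SAMPLE_ID" 'smb\Domain^Admins' short
```

visudo -c only confirms that the rule parses; whether it matches still depends on which name form the host resolves, which is where the two answers differ.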