sudo fails to authenticate user with pam_ldap based group
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sudo (Ubuntu) | Invalid | Undecided | Justin M. Wray |
Bug Description
Binary package hint: sudo
Version: Ubuntu Server 7.04
I am currently using pam_ldap for authentication.
I've created groups on the openldap server which mirror those in the /etc/group system file. I intend to *augment* the system group memberships with those found in ldap. This is currently working for file permissions. This, however, does not work when I run sudo or su.
From the /etc/group file:
admin:x:
From ldap:
cn=admin
gidNumber=111
memberUid=Nathanael
objectClass=
objectClass=top
As I mentioned above, as far as file access is concerned Nathanael and administrator are both members of the admin group. When I run sudo as Nathanael I get:
Nathanael is not in the sudoers file. This incident will be reported.
If I change /etc/group to
admin:x:
Then sudo works. I can live with changing the /etc/group file, but when managing multiple servers it would be nice if I could simply update the ldap side of things.
Nathanael
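The behaviour the report describes (LDAP members honoured for file access but not by sudo) is the kind of split you get when one code path resolves a group by name and stops at the first NSS source that answers, while another accumulates membership from every source the way initgroups does at login. The following is an added example, not code from the bug report, sudo or Ubuntu; it models the two lookups over constructed sample data so the difference can be seen offline. The gidNumber 111, the names admin, administrator and Nathanael come from the report; the /etc/group member list and the LDAP DN are assumed, since the report's own /etc/group line is elided. Whether Feisty's sudo really uses the by-name path is not established by the report; the model only shows what that path would produce.

```python
# Added example, not code from the bug report, sudo or Ubuntu. It models
# how group membership resolves when /etc/group and an LDAP posixGroup
# carry the same group name, contrasting a by-name lookup that stops at
# the first NSS source which answers with an initgroups-style scan that
# accumulates membership from every source.

# Constructed /etc/group content (member list assumed).
ETC_GROUP = """\
root:x:0:
admin:x:111:administrator
"""

# Constructed LDIF mirroring the entry quoted in the report (DN assumed).
LDAP_GROUPS_LDIF = """\
dn: cn=admin,ou=Groups,dc=example,dc=com
cn: admin
gidNumber: 111
memberUid: Nathanael
objectClass: posixGroup
objectClass: top
"""


def parse_etc_group(text):
    """Parse /etc/group-style lines into {name: (gid, set(members))}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _password, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def parse_ldif_groups(text):
    """Parse LDIF posixGroup entries into {cn: (gidNumber, set(memberUid))}.
    Entries are separated by blank lines; only the attributes used here
    are kept."""
    groups = {}
    for chunk in text.split("\n\n"):
        attrs = {}
        for line in chunk.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip(), []).append(value.strip())
        if "cn" in attrs and "gidNumber" in attrs:
            groups[attrs["cn"][0]] = (int(attrs["gidNumber"][0]),
                                      set(attrs.get("memberUid", [])))
    return groups


def members_by_name(sources, name):
    """getgrnam-style: return the member set from the first source that
    knows the group; later sources (here LDAP) are never consulted."""
    for source in sources:
        if name in source:
            return source[name][1]
    return set()


def members_all_sources(sources, name):
    """initgroups-style: union the member sets of every source that knows
    the group, which is how a login session ends up with supplementary
    groups from both /etc/group and LDAP."""
    found = set()
    for source in sources:
        if name in source:
            found |= source[name][1]
    return found


def is_member_by_name(user, group, sources):
    """True if a by-name lookup sees `user` in `group`."""
    return user in members_by_name(sources, group)


def is_member_all_sources(user, group, sources):
    """True if an all-sources scan sees `user` in `group`."""
    return user in members_all_sources(sources, group)


if __name__ == "__main__":
    sources = [parse_etc_group(ETC_GROUP), parse_ldif_groups(LDAP_GROUPS_LDIF)]
    for user in ("administrator", "Nathanael"):
        print(user,
              "by-name:", is_member_by_name(user, "admin", sources),
              "all-sources:", is_member_all_sources(user, "admin", sources))
```

Run as a script it prints that administrator is a member under both lookups while Nathanael is a member only under the all-sources scan, which is the asymmetry the report describes. On a real host the quick check for the same split is to compare what `getent group admin` returns against the supplementary groups shown by `id -nG` for the user after a fresh login.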
Nathanael:
Have you taken a look at the sudo-ldap package? (http://packages.ubuntu.com/feisty/admin/sudo-ldap) This is found in the universe repository, so make sure you have that enabled.
Package: sudo-ldap
Description: Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. This version is built with LDAP support.
Repository: Universe
Thanks,
Justin M. Wray