Author Topic: PAM User to sudoers  (Read 401 times)

dzidek23

PAM User to sudoers
« on: January 17, 2023, 12:00:41 pm »
I understand that it is possible (and easy) to allow AD users to login to the server via ssh; PAM settings under "Users and Computers" -> LDAP Settings.

However this allows all users to have a system account.

Could anyone suggest how I can enable a shell for one or some of the AD users?

Also I'm trying to figure out how to add an AD user to system sudoers?
I tried

Code: [Select]
sudo usermod -aG sudo username
adding

Code: [Select]
username      ALL=(ALL:ALL) ALL
and/or
domain\username       ALL=(ALL:ALL) ALL
to the /etc/sudoers

Neither allows me to escalate privileges and I get "Domain\Username is not in the sudoers file.  This incident will be reported."

dzidek23

Re: PAM User to sudoers
« Reply #1 on: January 18, 2023, 05:50:52 pm »
So I found a way to allow a user to use sudo.

Edit the /etc/sudoers and add:

Code: [Select]
domain\\username   ALL=(ALL:ALL) ALL

Note "\\" between domain and the username

user must also be in the sudo group

Quote
sudo usermod -aG sudo username

That still leaves me with allowing only some users access to PAM.
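
Added example, not part of the thread: a shell sketch that builds the `domain\\username` rule from reply #1 and syntax-checks it with `visudo -cf` before installing it. It assumes a drop-in file under /etc/sudoers.d instead of editing /etc/sudoers directly; the function names and the account `EXAMPLE\alice` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a sudoers rule for an AD
# account written as DOMAIN\user and validates it before installation.

# sudoers treats "\" as an escape character, so a literal backslash in a
# user name has to be doubled: DOMAIN\user -> DOMAIN\\user.
sudoers_escape_user() {
    printf '%s\n' "$1" | sed 's/\\/\\\\/g'
}

# Emit the rule in the same form the thread uses.
sudoers_rule() {
    printf '%s\tALL=(ALL:ALL) ALL\n' "$(sudoers_escape_user "$1")"
}

# sudo skips files in /etc/sudoers.d whose name contains "." or ends in "~",
# so derive a safe file name from the account name.
sudoers_dropin_name() {
    printf '%s\n' "$1" | tr -c 'A-Za-z0-9_\n-' '_'
}

# Write the rule to a temp file, check it with visudo, then install it with
# mode 0440. Run as root. $1 = account, $2 = directory (assumed default below).
install_sudoers_rule() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    sudoers_rule "$user" > "$tmp"
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "syntax check failed, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    install -m 0440 "$tmp" "$dir/$(sudoers_dropin_name "$user")"
    rm -f "$tmp"
}

# Example call (as root): install_sudoers_rule 'EXAMPLE\alice'
```

A rule that fails the `visudo` check never reaches /etc/sudoers.d, so a typo cannot break sudo for every account on the host.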