Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: dzidek23 on January 17, 2023, 12:00:41 pm
-
I understand that it is possible (and easy) to allow AD users to log in to the server via ssh; PAM settings under "Users and Computers" -> LDAP Settings.
However, this allows all users to have a system account.
Could anyone suggest how I can enable shell for one or some of the AD users?
Also I'm trying to figure out how to add an AD user to system sudoers?
I tried
sudo usermod -aG sudo username
adding
username ALL=(ALL:ALL) ALL
and/or
domain\username ALL=(ALL:ALL) ALL
to the /etc/sudoers
Neither allows me to escalate privileges and I get "Domain\Username is not in the sudoers file. This incident will be reported."
-
So I found a way to allow a user to use sudo.
Edit the /etc/sudoers and add:
domain\\username ALL=(ALL:ALL) ALL
note "\\" between domain and the username
user must also be in the sudo group
sudo usermod -aG sudo username
That still leaves me with allowing only some users access to PAM.
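
The rule from the post above, as an added example that is not part of the thread: sudoers treats "\" as an escape character, so the backslash in an AD account name has to be doubled. The helper names and the drop-in path in the comments are hypothetical; `visudo -cf` checks the staged file before it is installed.

```shell
#!/bin/sh
# Added example (not from the thread): build a sudoers rule for an AD account.

# Double every backslash so that sudoers reads DOMAIN\\user as DOMAIN\user.
# Names containing other characters that sudoers requires escaping
# (whitespace ! = : , ( )) are refused rather than guessed at.
escape_sudoers_user() {
    [ -n "$1" ] || return 1
    if printf '%s' "$1" | grep -q '[[:space:]!=:,()]'; then
        return 1
    fi
    printf '%s' "$1" | sed 's/\\/\\\\/g'
}

# Emit the same rule the post adds to /etc/sudoers.
sudoers_line() {
    user=$(escape_sudoers_user "$1") || return 1
    printf '%s ALL=(ALL:ALL) ALL\n' "$user"
}

# write_dropin ACCOUNT FILE: stage the rule in a temp file, syntax-check it
# with visudo when available, then install it read-only.
# FILE would be e.g. /etc/sudoers.d/ad-admins (hypothetical name; files in
# sudoers.d whose names contain "." or end in "~" are skipped by sudo).
write_dropin() {
    tmp=$(mktemp) || return 1
    sudoers_line "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    chmod 0440 "$tmp" && mv "$tmp" "$2"
}

# Show the rule for the account name used in the thread.
sudoers_line 'domain\username'
```

Writing the rule through a checked drop-in avoids leaving a syntax error in /etc/sudoers, which would stop sudo from working for everyone.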