How to add Domain Admins to sudoers
There is a similar question that has been answered; so, I'm not sure if I should tag on; not believing that I should, I'm proceeding.
I'm running Ubuntu 14.04 and have joined our Windows domain using PBIS (formerly likewise-open). I can get an individual user account sudo privileges, but cannot get Domain Admins the same. I've tried every variation of %DOMAIN\domain^admins I've seen so far with no success.
Thanks in advance for any assistance.
14.04 sudo likewise
asked Apr 25 '14 at 13:44 by Shawn a.k.a. abd al Shakur
Have you tried to add: %Domain Admins ALL=(ALL:ALL) ALL ?
– StandDuPp
Apr 25 '14 at 13:55
Just did and unfortunately it didn't work.
– Shawn a.k.a. abd al Shakur
Apr 28 '14 at 17:36
8 Answers
This also worked for me:
%domain^admins ALL=(ALL:ALL) ALL
I assume this is because of the following commands used when setting up PBIS:
sudo /opt/pbis/bin/config UserDomainPrefix $domain
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
This seems to make the domain accounts appear as local accounts to the system by assuming the domain name is before the login account. Therefore the domain name is not required by the sudoers list.
Any thoughts?
answered Aug 12 '14 at 21:47 by Joseph (edited Jan 10 '15 at 6:00 by muru)
Depends on your setup sometimes...
%domain\ admins ALL=(ALL) ALL
%domain\\domain\ admins ALL=(ALL) ALL
%domain\ admins@domain.com ALL=(ALL) ALL
The last one is the one I actually had to use to get mine to work...I'm using sssd and realmd to join my domain.
Many suggestions in the past showed using domain^admins but that has never personally worked for me but according to many posts it has worked for others. Having the first word followed by a \ indicates there is a valid space and then doesn't read it as an invalid character. I hope this helps.
answered Jan 10 '15 at 5:50 by bman
Here is another way of doing it, without requiring all the fancy escaping and also without guessing at the exact group name. I tested with winbind.
Figure out the group name:
$ getent group | grep -i admin
MYDOMAIN\Domain Admins:*:100006:
Add the group you see above to the sudoers file. We can use the sudoers.d directory to avoid changing the main sudoers file (e.g. to avoid a merge if a distribution upgrade changes it).
$ visudo -f /etc/sudoers.d/DomainAdmins
# Add this line:
"%MYDOMAIN\Domain Admins" ALL=(ALL) ALL
From the sudoers(5) man page:
A user name, uid, group, gid, netgroup, nonunix_group or nonunix_gid may be enclosed in double quotes to avoid the need for escaping special characters.
answered Apr 12 '16 at 14:54 by James Johnston
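One way to script the approach in the answer above, as an added example that is not part of the original post: resolve the exact group names through NSS, emit the double-quoted sudoers rule, and syntax-check it with visudo -c before installing. The function names, the sample group name MYDOMAIN\Domain Admins and the drop-in path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).

# List a user's groups one per line. `groups` and `id -Gn` separate names
# with spaces, which is ambiguous for names such as "Domain Admins", so each
# numeric GID is resolved through NSS instead.
user_group_names() {
    for _gid in $(id -G "$1"); do
        getent group "$_gid" | cut -d: -f1
    done
}

# Emit a sudoers rule for the exact group name using the double-quote form
# from sudoers(5). The % prefix must sit inside the quotes. Names that are
# empty or contain a double quote or a newline are refused.
sudoers_group_line() {
    _nl='
'
    case $1 in
        ''|*'"'*|*"$_nl"*)
            echo "unsupported group name" >&2
            return 1 ;;
    esac
    printf '"%%%s" ALL=(ALL) ALL\n' "$1"
}

# Write the rule to a temp file, let visudo check the syntax, and only then
# install it root-owned with mode 0440. Must be run as root.
install_group_rule() {
    _tmp=$(mktemp) || return 1
    if sudoers_group_line "$1" > "$_tmp" && visudo -cf "$_tmp" >/dev/null; then
        install -o root -g root -m 0440 "$_tmp" "$2"
        _rc=$?
    else
        echo "rule rejected; nothing installed" >&2
        _rc=1
    fi
    rm -f "$_tmp"
    return "$_rc"
}

# Constructed sample name; on a real host take it from user_group_names.
sudoers_group_line 'MYDOMAIN\Domain Admins'
# As root:
#   install_group_rule 'MYDOMAIN\Domain Admins' /etc/sudoers.d/DomainAdmins
```

sudo skips files in /etc/sudoers.d whose names contain a dot or end in ~, so keep the drop-in name plain, as DomainAdmins is here.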
I was able to make it work with the following:
%domain^admins ALL=(ALL:ALL) ALL
(i.e., remove the domain)
answered Aug 5 '14 at 15:53 by Shawn a.k.a. abd al Shakur (edited Nov 24 '14 at 18:38 by muru)
From a terminal:
sudo EDITOR=nano visudo -f /etc/sudoers
Under the root line, add the line below:
username ALL=(ALL:ALL) ALL
or for a group:
# Members of the admin group may gain root privileges
%domain\\domain^Users ALL=(ALL) ALL
answered Jul 14 '14 at 11:05 by ahmed sami (edited Jan 10 '15 at 6:00 by muru)
Editing /etc/sudoers directly is not recommended. If the file gets corrupted, you can lock yourself out of the system. Use visudo instead.
– bshacklett
Dec 5 '14 at 15:54
I know this question was posted super long ago, but I solved this by doing a
groups Mydomain\\myuser
then copying the admin group I wanted (escaping the single \ with another).
answered Jan 7 '16 at 18:12 by Sean
I know this thread is extremely old, but thought I'd share what I had to do to get this done in Ubuntu 18.04.1.
Since absolutely none of the above entries for the sudoers file worked for me, I simply created a Security Group in Active Directory called "sudo" and added the Domain Admins to it.
Domain Admin users logging into Ubuntu then show as part of the "sudo" group in Ubuntu as well, and are able to sudo commands.
answered Sep 26 '18 at 18:36 by dleemaas
I have worked a lot on it, and after so many tries and searching I got this working:
%domain\ admins ALL=(ALL) ALL
Since I was having DOMAIN name as two words I have to use: domain\ admins
This was the exact group name I was having.
And % to specify a group; without %, I would think it is taken as a username.
answered Jan 21 at 6:33 by Rajat jain