From: Lars MLLER (lmuelle_at_SuSE.de)
Date: Sat May 21 2005 - 15:49:05 CEST
Date: Sat, 21 May 2005 15:49:05 +0200 From: Lars MLLER <lmuelle@SuSE.de> Message-ID: <20050521134905.GO7444@gray.suse.de> Subject: Re: [suse-sles-e] Winbind authenticated users cannot sudo?
On Wed, May 18, 2005 at 08:14:27AM -0700, Kevin P. Fleming wrote:
> I have a few SLES 9 servers set up recently... I'm very happy with them :-)
Good to know. :)
> However, I've run into one problem I can't find a simple solution for: a
> couple of these servers are joined to Windows domains, and allow the
> Windows users to log in as Linux users on the server itself (for
> administration, mostly). This was easy to set up using the 'Samba
> Client' module in YaST2.
>
> Once I added 'pam_mkhomedir.so' to /etc/pam.d/xdm, my Windows users have
> no trouble logging in, and an appropriate Linux homedir is created the
> first time they do; so far so good.
>
> However, once they are logged in, they cannot use 'sudo'; it complains
> that that they are not listed in /etc/sudoers. However, _no_ users are
> listed there, I'm using the default config that allows any user who
> knows root's password to be able to sudo. I suspect this is happening
> because sudo cannot 'see' the users being provided by Winbind, but
> /etc/pam.d/sudo shows it using pam_unix2, and pam_unix2 is properly
> configured to call pam_winbind.
>
> Any ideas what I can do here?
Have you configured /etc/nsswitch.conf to use winbind?
Do you see the users from your Microsoft Domains with
getent passwd
?
Lars
-- Lars MÜLLER [ˈlaː(r)z ˈmʏlɐ] SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
This archive was generated by hypermail 2.1.7 : Sat May 21 2005 - 15:49:10 CEST