On 08/09/14 22:44, Jacob Weber wrote:
> Yes you can use the local sudoers file by adding a ldap user or
> but it will only work on the the machine you add the user or group to, I
> initially did this with my AD domain joined laptop.
> There is a very big problem with doing it this way if you want to do it
> for multiple machines and users, you have to alter each and every
> sudoers file. This is where sssd-sudoers comes in, you setup the sudo
> rules in ldap or AD (once) and get the same results everywhere.
I'm okay with having local rules; I just want the local rules to apply to LDAP
users/groups. Is that what you had? Did you have them defined with NOPASSWD, or did they
require a password?
sssd-users mailing list
Never tried groups, but
I had my username in /etc/sudoers and when I
logged into the machine, it worked just as if it was a local user, it
asked for and accepted the domain users password. This is ok if you are
talking about one user and one machine, but after this it is better to
setup sssd-sudo correctly.