Bug 208

Summary: Sudo doesn't recognize domain Administrator used with Winbind, but recognizes all other domain admins
Product: Sudo Reporter: Hari Sekhon <harisekhon>
Component: Sudo Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high CC: harisekhon
Priority: normal    
Version: 1.6.8   
Hardware: PC   
OS: Linux   

Description Hari Sekhon 2006-02-22 10:25:11 MST
I'm running Suse 10 with
Samba(samba-3.0.20b-3.1)+Winbind+Kerberos(krb5-1.4.1-5). Domain authentication
with PAM is working perfectly and I can log in via ssh, local console or use
samba shares all with domain accounts.
 
Sudo (sudo-1.6.8p9-2) doesn't recognise the domain account Administrator but
recognises all other users in the domain admins group. I have added the
following line to /etc/sudoers:

%domain\ admins ALL=(ALL) ALL

This works for all other users that appear in the "domain admins" group when I
do `getent group`. When logged on as administrator on this machine, I do
`sudo su` (this works with all other domain admins) but I get:

administrator is not in the sudoers file.  This incident will be reported.

Doing getent passwd or getent group shows the account as Administrator with a
capital A. Although I have logged in as both Administrator@hostname and
administrator@hostname I get the same result with both (with lowercase
administrator in the error).

All other aspects of Domain Authentication are working perfectly otherwise.
Comment 1 Hari Sekhon 2006-02-22 10:27:29 MST
This problem occurs in a Windows Active Directory domain (currently on Windows
2000 Server), not tested if it affects NT/2003...
Comment 2 Todd C. Miller 2007-06-22 11:15:20 MDT
I believe this is fixed in sudo 1.6.9, which is now in beta.  You can download beta versions of sudo from http://www.sudo.ws/sudo/beta.html
Comment 3 Todd C. Miller 2008-06-11 09:32:22 MDT
Believed to be fixed in sudo 1.6.9 and 1.7.0