Bugzilla – Bug 208
Sudo doesn't recognize domain Administrator used with Winbind, but recognizes all other domain admins
Last modified: 2008-06-11 09:32:22 MDT
I'm running Suse 10 with Samba(samba-3.0.20b-3.1)+Winbind+Kerberos(krb5-1.4.1-5). Domain authentication with PAM is working perfectly and I can log in via ssh, local console or use samba shares all with domain accounts. Sudo (sudo-1.6.8p9-2)doesn't recognise the domain account Administrator but recognises all other users in the domain admins group. I have added the following line to /etc/sudoers: %domain\ admins ALL=(ALL) ALL This works for all other users that appear in the "domain admins" group when I do `getent group`. When logged on as administrator on this machine, I do `sudo su` (this works with all other domain admins) but I get: administrator is not in the sudoers file. This incident will be reported. Doing getent passwd or getent group shows the account as Administrator with a capital A. Although I have logged in as both Administrator@hostname and administrator@hostname I get the same result with both (with lowercase administrator in the error). All other aspects of Domain Authentication are working perfectly otherwise.
This problems occurs in a Windows Active Directory domain (currently on Windows 2000 Server), not tested if it affects NT/2003...
I believe this is fixed in sudo 1.6.9, which is now in beta. You can download beta versions of sudo from http://www.sudo.ws/sudo/beta.html
Believed to be fixed in sudo 1.6.9 and 1.7.0