I wonder why I can't use sudoers with domain groups.
I modified /etc/sudoers so that a specific group has the ability to use sudo, but no luck.
Has anyone tested this yet?
Yes this works, I've not done it myself but I just had a conversation with someone about this topic yesterday.
Let's say the domain group is called "VI Admins". I chose this example as it has a space, which needs to be properly escaped in the /etc/sudoers file. You will also need to escape the first "slash" followed by the domain name as well.
Let's say the domain is "Primp-Industries" and the group is called "VI Admins".
The entry in the sudoers file should be:
%Primp-Industries\\VI\ Admins ALL=(ALL) ALL
I had verified with the individual who I spoke to and he confirmed this worked in his environment.
=========================================================================
William Lam
VMware vExpert 2009,2010
VMware scripts and resources at:
Getting Started with the vMA (tips/tricks)
Getting Started with the vSphere SDK for Perl
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
You're right. It works perfectly. I made an error with the domain; I forgot the extra slash.
LOL I was the individual
Maish - VCP - vExpert 2010
VMware Communities User Moderator
Virtualization Architect & Systems Administrator
I've tried what you have said but am still struggling. I've added the following to the Sudoers files on a VMA that has been joined to the domain I'll call TEST. I've created an AD global group called VI Admins and added the account I'm logging in with to that group.
%TEST
VI\ Admins ALL=(ALL) ALL
I've saved the file, and even after restarting the vMA I get a message that the account is not in the sudoers file.
Any help or guidance is greatly appreciated.
I'm going to take that back. After some further troubleshooting I seemed to have some domain authentication issues. I removed and rejoined the vMA to the domain and all was well.
Suppose there is no space in the group name?
So, in the example, it is just VI:
%Primp-Industries
VI ALL=(ALL) ALL
That didn't work.
%Primp-Industries\VI ALL=(ALL) ALL
That didn't work.
%Primp-Industries\VI\ ALL=(ALL) ALL
That didn't work, gave me a syntax error.
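The escaping discussed in this thread, as an added example that is not part of any post above: a small shell helper that builds the sudoers entry for a domain group, doubling the backslash between domain and group and escaping spaces inside the name, then optionally syntax-checks the line with `visudo -c -f` before it goes into /etc/sudoers. It also covers a group name without a space. The function names are hypothetical, and the sample names are the ones used in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Escaping rules used here:
#   DOMAIN\group separator -> written as two backslashes
#   space inside a name    -> backslash followed by the space

# escape_sudoers_name NAME
# Escape backslashes first, then spaces, so the backslashes added for
# spaces are not doubled again.
escape_sudoers_name() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/ /\\ /g'
}

# sudoers_group_entry DOMAIN GROUP
# Prints one line of the form: %DOMAIN\\GROUP ALL=(ALL) ALL
sudoers_group_entry() {
    domain=$1
    group=$2
    if [ -z "$domain" ] || [ -z "$group" ]; then
        echo "usage: sudoers_group_entry DOMAIN GROUP" >&2
        return 2
    fi
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' \
        "$(escape_sudoers_name "$domain")" \
        "$(escape_sudoers_name "$group")"
}

# check_sudoers_line LINE
# Syntax-check a single line in a temporary file with visudo.
# Returns visudo's exit status, or 3 when visudo is not installed.
check_sudoers_line() {
    command -v visudo >/dev/null 2>&1 || return 3
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    visudo -c -f "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Sample names from the thread: one group with a space, one without.
sudoers_group_entry 'Primp-Industries' 'VI Admins'
sudoers_group_entry 'Primp-Industries' 'VI'
```

A passing syntax check only shows that the line parses; whether the group matches still depends on the machine resolving domain group membership.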