To get NOPASSWD behavior when using ldap to distribute your sudo records, you need to add a sudo options attribute to the sudo rule in ldap to negate the default authentication requirement.
>From http://www.sudo.ws/man/1.8.13/sudoers.man.html authenticate: If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the PASSWD and NOPASSWD tags. This flag is on by default. To negate it, place a '!' in front of it as the value to a sudo options attribute in ldap. On Mon, Nov 2, 2015 at 7:02 AM, Todor Petkov <[email protected]> wrote: > On 02/11/2015 10:20 AM, Todor Petkov wrote: > > >> Hello, >> >> my bad, I meant that I have added the line in sudoers, but it was not >> working. >> >> However, I have added the user as "uniquemember" of the group, not >> just "gidNumber" and it's OK now. >> >> Thanks. >> > > > Hi, > > small update: > > when the group is with NOPASSWD:ALL, it's not working. > If the user has specific record, it's OK. > > I can change the sudoers record with pssh, but if someone can give a hint > how to make the group record working, I will appreciate it. > > Regards, > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- Alan Willis Core Infrastructure | Riot Games For, to speak out once for all, man only plays when in the full meaning of the word he is a man, and *he is only completely a man when he plays*. - J.C. Friedrich von Schiller - Letters upon the Æsthetic Education of Man
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
