Hi FreeBSD Folks, I'm using Samba 3.5.6 to authenticate logins and manage access on FreeBSD 8.1.
With Sudo 1.7.2, I was able to use Active Directory groups in sudoers(5), but this doesn't seem to work in 1.7.4. Versions: $ uname -a FreeBSD cis-mvl.ml.unisa.edu.au 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #0: Tue Jan 11 06:03:08 CST 2011 r...@cis-freebsd.ml.unisa.edu.au:/export/build/obj/export/build/src/sys/VMWARE amd64 $ sudo -V Sudo version 1.7.4p4 $ winbindd -V Version 3.5.6 /etc/nsswitch.conf: group: files winbind hosts: files dns networks: files passwd: files winbind protocols: files rpc: files services: files shells: files /usr/local/etc/pam.d/sudo: auth sufficient /usr/local/lib/pam_winbind.so try_first_pass auth include system account include system session required pam_permit.so password include system /usr/local/etc/sudoers: Defaults env_keep += "EDITOR FTP_PASSIVE_MODE HOME PAGER" Defaults insults Defaults shell_noargs Defaults syslog = auth Defaults !tty_tickets root ALL = (ALL) ALL %wheel ALL = (ALL) ALL %cis-sambagroupname ALL = (ALL) ALL Using version 1.7.2: $ /mnt/usr/local/bin/sudo -V Sudo version 1.7.2p6 $ /mnt/usr/local/bin/sudo -l Password: Matching Defaults entries for cis-username on this host: env_keep+="EDITOR FTP_PASSIVE_MODE HOME PAGER", insults, shell_noargs, syslog=auth, !tty_tickets User cis-username may run the following commands on this host: (ALL) ALL Using version 1.7.4: $ sudo -V Sudo version 1.7.4p4 $ sudo -l Password: Sorry, user cis-username may not run sudo on cis-mvl. The group looks correct: $ getent group cis-sambagroupname cis-sambagroupname:x:169013:cis-XXXXXXXX,iee-XXXXXX,cis-XXXXXXXX,cis-username,cis-XXXXXXX,cis-XXXXXX And if I add my username to sudoers(5), it works fine. Any suggestions? Thanks Rob. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"