[lug] sudo, pam, and SuSE 10.2
Lee Woodworth
blug-mail at duboulder.com
Wed Feb 7 21:38:40 MST 2007
Andrew Diederich wrote:
> I've just installed SuSE 10.2, and configured it to use PAM against my
> active directory server, so I could try and remember just _one_ set of
> passwords. That was great right out of the box -- it made a machine
> account on the domain, I can login with "domain\windows.username", it
> creates a home directory for me, it's all good.
>
> What I can't do is get sudo to work. Sudo just can't seem to identify
> who I am. I've tried about everything I can think of, but just
> haven't gotten it. Has anyone else made this go?
Haven't done any AD authentication.
Some questions:
What Linux account is the AD account getting mapped to when
you log in? Try the id command to see.
Do you have files in /etc/pam.d related to sudo? If so, they will
have info about restrictions (such as needing to be a
member of wheel, for example).
>
> My sudoers file:
> DOMAIN\windows.username ALL=(ALL) ALL
> domain\windows.username ALL=(ALL) ALL
> domain/windows.username ALL=(ALL) ALL
> windows.username ALL=(ALL) ALL
> %Domain\ windows.username ALL=(ALL) ALL
> %Domain\windows.username ALL=(ALL) ALL
>
> The error I get is "DOMAIN\windows.username is not in the sudoers
> file. This incident will be reported."
>
> I did turn off the evil SuSE targetpw default, where you need to know
> the target's password to run sudo. Why they think it's a good idea, I
> have no clue.
>