Issues running sudo with winbind
Hey Everyone,
I am running a CentOS 6.4 64-bit system running Winbind to authenticate to Active Directory. In our environment we have two AD Groups that can access these servers: UnixAdmins and UnixUsers. Depending on which AD group you are in, you have certain access rules via sudo. Here's a snippet from my sudoers file:
## Allows people in group wheel to run all commands
%ADDOMAIN\\UnixAdmin ALL=(ALL) ALL #gives AD group sudo rights
%ADDOMAIN\\UnixUsers ALL = NOPASSWD: /scripts/hotfix/deploy.sh, /scripts/hotfix/updateBuildVersion.sh
As you can tell from the entry in the sudoers file, anyone who is assigned to the UnixAdmin group has sudo all. If they are assigned to the UnixUsers group, they have access to just TWO scripts that can run via no password.
So here is the interesting thing. In my /etc/security/pam_winbind.conf file, I have an entry which states:
require_membership_of = UnixAdmin,UnixUsers
This allows me to only allow these two Active Directory users to log into the Linux server. The problem is, when I try to run a script from our bastion host, it gives me the error:
[ADDOMAIN\pconway@bastion~]$ ssh web60 sudo /scripts/hotfix/updateBuildVersion.sh
sudo: no tty present and no askpass program specified
Yet if I comment out that line in the pam_winbind.conf file, I don't get that error. Any reason why that would happen? I am at a loss. Thanks.
- Philippe