https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903304#M404476 I forgot to add:<BR />Sudo version 1.6.2p2<BR />HPUX 11.0 Sat, 21 May 2005 19:43:13 GMT RedLetter 2005-05-21T19:43:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903303#M404475 I am just wondering if anyone else has had a challenge with sudo on hpux 11.0 when user authentication is via ldap.<BR /><BR />sudoers file looks like<BR />Host_Alias BLAHOST=ALL<BR />User_Alias BLAUSER=user1,user2,user3 <BR />Cmnd_Alias BLACMD=ALL<BR /><BR />BLAUSER BLAHOST=(root)NOPASSWD: BlACMD<BR /><BR />Above requires the defined user to put in a password, but cannot find an how to validate the user. If I put the string at the bottom of th sudoers file that looks like:<BR />user1 ALL=(root) NOPASSWD: BLACMD<BR /><BR />user1 can do sudo<BR /><BR />syslog sudo error message:<BR /><BR />May 21 19:21:56 blahost sudo: user1 : 3 incorrect password attempts ; TTY=pts/<BR />tc ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /tmp/foo.sudo<BR /><BR />we push the same sudoers file out to all our hp servers, the servers using NIS work fine. We converted two of the servers to LDAP this morning, and this issue was unexpected. Any ideas would be appreciated.<BR />Thanks, Sat, 21 May 2005 19:39:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903303#M404475 RedLetter 2005-05-21T19:39:04Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903304#M404476 I forgot to add:<BR />Sudo version 1.6.2p2<BR />HPUX 11.0 Sat, 21 May 2005 19:43:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903304#M404476 RedLetter 2005-05-21T19:43:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903305#M404477 I noticed that I had a typo.. note, above sudoers file is only an example.<BR /><BR />BLAUSER BLAHOST=(root)NOPASSWD: BLACMD<BR /><BR /><BR />Again, ideas would be a great help.. <BR />Thanks, Sat, 21 May 2005 19:59:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903305#M404477 RedLetter 2005-05-21T19:59:57Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903306#M404478 You'll need to re-compile sudo with --with-pam configure option.<BR /><BR />You can even store sudoers file in LDAP if you compile with --with-ldap. See README.LDAP included with sudo source distribution. Sat, 21 May 2005 20:03:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903306#M404478 Ermin Borovac 2005-05-21T20:03:58Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903307#M404479 Hello Ermin,<BR /><BR />Regarding your response that it will be necessary to recompile sudo with --pam, have you had any experience/success with that?<BR /><BR />Thanks,<BR /><BR />Bruce Fowler<BR /> Mon, 23 May 2005 10:45:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903307#M404479 Bruce Fowler 2005-05-23T10:45:19Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903308#M404480 Hi,<BR /><BR />Did you try ldap in the password authentication methods in /etc/nsswitch.conf<BR /><BR />passwd : files ldap<BR /><BR />Hope this helps.<BR /><BR />Regds<BR /> Mon, 23 May 2005 11:17:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903308#M404480 Sanjay_6 2005-05-23T11:17:37Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903309#M404481 Thanks for everyones help. I recompiled sudo v1.6.8p8 with various config options. I had to spend a little time at<BR /><A href="http://www.sudo.ws/" target="_blank">http://www.sudo.ws/</A> to get all the info and source I needed. So far my tests have been successful. I am not sure that I want to even see the "Goon" insults.. Thanks again.. Mon, 23 May 2005 12:26:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903309#M404481 RedLetter 2005-05-23T12:26:27Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903310#M404482 Recompiled sudo v.1.6.8p8 with --ldap and --pam Mon, 23 May 2005 12:27:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-when-authentication-is-ldap/m-p/4903310#M404482 RedLetter 2005-05-23T12:27:46Z