HPE Community
Operating System - HP-UX
1834934 Members
2726 Online
110071 Solutions
New Discussion

Re: sudo when authentication is ldap

 
SOLVED
Go to solution
RedLetter
Advisor

‎05-21-2005 12:39 PM

‎05-21-2005 12:39 PM

sudo when authentication is ldap

I am just wondering if anyone else has had a challenge with sudo on hpux 11.0 when user authentication is via ldap.

sudoers file looks like
Host_Alias BLAHOST=ALL
User_Alias BLAUSER=user1,user2,user3
Cmnd_Alias BLACMD=ALL

BLAUSER BLAHOST=(root)NOPASSWD: BlACMD

Above requires the defined user to put in a password, but cannot find an how to validate the user. If I put the string at the bottom of th sudoers file that looks like:
user1 ALL=(root) NOPASSWD: BLACMD

user1 can do sudo

syslog sudo error message:

May 21 19:21:56 blahost sudo: user1 : 3 incorrect password attempts ; TTY=pts/
tc ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /tmp/foo.sudo

we push the same sudoers file out to all our hp servers, the servers using NIS work fine. We converted two of the servers to LDAP this morning, and this issue was unexpected. Any ideas would be appreciated.
Thanks,
Wondeful, never had it so good...
0 Kudos
7 REPLIES 7
RedLetter
Advisor

‎05-21-2005 12:43 PM

‎05-21-2005 12:43 PM

Re: sudo when authentication is ldap

I forgot to add:
Sudo version 1.6.2p2
HPUX 11.0
Wondeful, never had it so good...
0 Kudos
RedLetter
Advisor

‎05-21-2005 12:59 PM

‎05-21-2005 12:59 PM

Re: sudo when authentication is ldap

I noticed that I had a typo.. note, above sudoers file is only an example.

BLAUSER BLAHOST=(root)NOPASSWD: BLACMD


Again, ideas would be a great help..
Thanks,
Wondeful, never had it so good...
0 Kudos
Ermin Borovac
Honored Contributor

‎05-21-2005 01:03 PM

‎05-21-2005 01:03 PM

Solution

Re: sudo when authentication is ldap

You'll need to re-compile sudo with --with-pam configure option.

You can even store sudoers file in LDAP if you compile with --with-ldap. See README.LDAP included with sudo source distribution.
0 Kudos
Bruce Fowler
New Member

‎05-23-2005 03:45 AM

‎05-23-2005 03:45 AM

Re: sudo when authentication is ldap

Hello Ermin,

Regarding your response that it will be necessary to recompile sudo with --pam, have you had any experience/success with that?

Thanks,

Bruce Fowler
0 Kudos
Sanjay_6
Honored Contributor

‎05-23-2005 04:17 AM

‎05-23-2005 04:17 AM

Re: sudo when authentication is ldap

Hi,

Did you try ldap in the password authentication methods in /etc/nsswitch.conf

passwd : files ldap

Hope this helps.

Regds
0 Kudos
RedLetter
Advisor

‎05-23-2005 05:26 AM

‎05-23-2005 05:26 AM

Re: sudo when authentication is ldap

Thanks for everyones help. I recompiled sudo v1.6.8p8 with various config options. I had to spend a little time at
http://www.sudo.ws/ to get all the info and source I needed. So far my tests have been successful. I am not sure that I want to even see the "Goon" insults.. Thanks again..
Wondeful, never had it so good...
0 Kudos
RedLetter
Advisor

‎05-23-2005 05:27 AM

‎05-23-2005 05:27 AM

Re: sudo when authentication is ldap

Recompiled sudo v.1.6.8p8 with --ldap and --pam
Wondeful, never had it so good...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.