Hi All,
First post on this forum. Hope I've selected the correct group to post in.
I have a bit of a challenge understanding the following.
I have a Active Directory where my Ubuntu (16.04) is a member of. My domain users can log on Ubuntu using domain credentials and all is fine on that end. What I want to do is make a few domain members sudo users. For that I would like to use info in Active Directory so it can be centrally managed. I was glad to find this is actually possible with a Active Directory Schema update and creating an additional object with the correct settings. All listed in the "Sudoers LDAP Manual".
Link:
https://www.sudo.ws/man/sudoers.ldap.man.html
What I'm trying to understand here is that when a users has a name that includes the word "Administrator", "Admin" or some variant they can't sudo, but any other user can if I add that name to the sudousers property in AD.
Anyone else ever encountered this?
Thanks in advance!