Configure Sudoers File in AD Bridge

Configure Entries in Your sudoers Files

When you add Active Directory entries to your sudoers file, typically /etc/sudoers, you must adhere to at least the following rules:

  • ALL must be in uppercase letters.
  • Use a backslash to escape the backslash that separates the Active Directory domain from the user or group name.
  • Use the correct case; entries are case sensitive.
  • Use a user or group alias if the user or group has one in Active Directory.
  • If the user or group does not have an alias, you must set the user or group in the AD Bridge canonical name format of NetBIOSdomainName\sAMAccountName (and escape the backslash).

For users or groups with an alias, the AD Bridge canonical name format is the alias, which you must use. You cannot use the format of NetBIOS domain name\SAM account name.

For users and groups without an alias, the form of an entry in the sudoers file is as follows:

DOMAIN\\username
DOMAIN\\groupname

Example entry of a group.

%EXAMPLE\\LinuxFullAdmins ALL=(ALL) ALL

Example entry of a user with an alias.

kyle ALL=(ALL) ALL

For more information about how to format your sudoers file, see your computer's man page for sudo.
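
A lint check for the formatting rules above, as an added example that is not part of the original page or of AD Bridge itself: it flags a single unescaped backslash in the user or group name, ALL written in the wrong case, and a space between % and the group name (sudoers expects the name directly after %). The sample entries and the names jsmith, LinuxOps and LinuxDBAs are constructed for illustration.

```python
import re

# Constructed sample entries for illustration; EXAMPLE, jsmith, LinuxOps and
# LinuxDBAs are placeholder names, not values from a real directory.
SAMPLE = r"""
%EXAMPLE\\LinuxFullAdmins ALL=(ALL) ALL
kyle ALL=(ALL) ALL
EXAMPLE\jsmith ALL=(ALL) ALL
%EXAMPLE\\LinuxOps all=(ALL) ALL
% EXAMPLE\\LinuxDBAs ALL=(ALL) ALL
"""

# A backslash that is neither preceded nor followed by another backslash.
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")
# "all" in any casing, standing alone (not part of a path or a longer word).
ALL_WORD = re.compile(r"(?<![\w/.-])all(?![\w/.-])", re.IGNORECASE)

def lint_entry(line):
    """Return the rule violations found in one sudoers user specification."""
    text = line.strip()
    # Simplification: comments, Defaults and alias definitions are skipped.
    if not text or text.startswith(("#", "Defaults")) or "_Alias" in text.split()[0]:
        return []
    problems = []
    who = text.split()[0]  # the user or %group field
    if who == "%":
        problems.append("space after %")
    if LONE_BACKSLASH.search(who):
        problems.append("unescaped backslash in name")
    if any(word != "ALL" for word in ALL_WORD.findall(text)):
        problems.append("ALL not uppercase")
    return problems

def lint_sudoers(text):
    """Map 1-based line numbers to violations for every flagged line."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        problems = lint_entry(line)
        if problems:
            report[number] = problems
    return report

if __name__ == "__main__":
    for number, problems in lint_sudoers(SAMPLE).items():
        print(f"line {number}: {', '.join(problems)}")
```

This check covers only the AD-specific formatting rules; run visudo -c as well to validate overall sudoers syntax before relying on the file.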