Realm AD Group Sudo Access

Description:

With SSSD on RHEL boxes, one thing we want to do is use Active Directory groups to grant sudo access on Linux machines. This is how to do it:

NOTE: For this to work, users in AD must have a ‘uidNumber’ and a ‘gidNumber’ assigned. These can be viewed on the ‘Attributes’ tab of the AD User object and of the AD Group object, which only has a ‘gidNumber’.

To Resolve:

1. Create an AD group.

2. Assign a gidNumber to the group.

3. Edit /etc/sudoers and add a line for the group under the wheel entry:

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%test-group ALL=(ALL) ALL

4. Add the user to that group in AD.

5. Once a user is removed from the group, they no longer have sudo access.
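
The sudoers step above, as an added example that is not part of the original post: it checks that the AD group resolves with a numeric GID, builds the rule, and installs it only if visudo accepts it. It assumes a drop-in file under /etc/sudoers.d (included by the default RHEL sudoers) instead of editing /etc/sudoers directly; the function names and the drop-in file name are hypothetical.

```shell
#!/bin/sh
# Added example: grant sudo to an AD group through a validated drop-in file.
# Function names and the drop-in file name are hypothetical.

# Build the sudoers rule for a group. sudoers requires spaces in a group
# name to be escaped with a backslash (AD names such as "domain admins").
sudoers_group_rule() {
    printf '%%%s ALL=(ALL) ALL\n' "$(printf '%s' "$1" | sed 's/ /\\ /g')"
}

# Succeed only if the group resolves through NSS (SSSD) and has a numeric
# GID, i.e. the AD group object carries a gidNumber.
group_has_gid() {
    entry=$(getent group "$1" 2>/dev/null) || return 1
    gid=$(printf '%s' "$entry" | cut -d: -f3)
    case $gid in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Install the rule as /etc/sudoers.d/<name> only after visudo accepts it.
# sudo skips drop-in files whose name contains '.' or ends in '~'.
install_rule() {
    group_has_gid "$1" || { echo "group '$1' does not resolve" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sudoers_group_rule "$1" > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$2"
        rc=$?
    else
        echo "visudo rejected the rule; nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root): sh ad-sudo.sh test-group 10-ad-test-group
if [ "$#" -eq 2 ]; then
    install_rule "$1" "$2"
fi
```

After installing, `sudo -l -U <user>` run as root shows whether a member of the group picks up the rule.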