Realm AD Group Sudo Access


With SSSD on RHEL boxes, one thing we want to do is use Active Directory groups on Linux machines to grant sudo access. This is how you can do it:

NOTE: For this to work, users in AD must have a ‘uidNumber’ and a ‘gidNumber’ assigned. These can be viewed on the ‘Attributes’ tab of the AD user object and of the AD group object, which only has a ‘gidNumber’.

To Resolve:

1. Create the AD group

2. Assign a gidNumber to the group

3. Edit /etc/sudoers and add the group below the wheel entry:

    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    %test-group ALL=(ALL) ALL

4. Add the user to that group in AD

5. Once the user is removed from the group, they no longer have sudo access.
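The sudoers edit from step 3 as a script, an added example that is not from the original post: it builds the rule for an AD group (escaping spaces, which AD group names often contain), confirms the group resolves through SSSD, and syntax-checks the rule with `visudo -cf` before installing it. The function names, the allow-listed character set and the use of a separate destination file instead of editing /etc/sudoers directly are assumptions; `test-group` is the group from the page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the sudoers rule for a group. Names are restricted to a conservative
# allow-list (an assumption of this example), and spaces are backslash-escaped
# because sudoers treats an unescaped space as a field separator.
sudoers_rule() {
    group=$1
    [ -n "$group" ] || { echo "empty group name" >&2; return 1; }
    rest=$(printf '%s' "$group" | tr -d 'A-Za-z0-9._ @-')
    [ -z "$rest" ] || { echo "invalid group name: $group" >&2; return 1; }
    escaped=$(printf '%s' "$group" | sed 's/ /\\ /g')
    printf '%%%s ALL=(ALL) ALL\n' "$escaped"
}

# Succeeds only if the group resolves through NSS, i.e. SSSD can see the
# AD group and its gidNumber (steps 1 and 2 on the page).
group_resolves() {
    getent group "$1" >/dev/null 2>&1
}

# Write the rule to a temp file, syntax-check it, then install it read-only.
# A broken sudoers file can lock everyone out of sudo, so nothing is
# installed unless the check passes.
install_rule() {
    group=$1
    dest=$2   # destination file, chosen by the caller
    group_resolves "$group" || { echo "group not resolvable: $group" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sudoers_rule "$group" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "visudo rejected the rule" >&2
        rm -f "$tmp"
        return 1
    fi
    install -m 0440 "$tmp" "$dest"
    status=$?
    rm -f "$tmp"
    return $status
}

# Dry run: show the rule that would be installed for the page's group.
sudoers_rule "test-group"
```

To apply it, run `install_rule test-group <destination file>` as root, then confirm with `sudo -l -U <user>` for a member of the group.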