[Samba] Adding an AD group to /etc/sudoers?

Jeff Sadowski jeff.sadowski at gmail.com
Mon Dec 7 19:56:02 UTC 2015

I can't seem to get this working and here is what I have done so far.
I am using samba 4.1.6

my /etc/samba/smb.conf looks like so

   security = ads
   realm = DOMAIN.LONG
   workgroup = DOMAIN
   idmap config * : backend = tdb
   idmap config * : range = 2000-7999
   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:range = 8000-9999999
   idmap config DOMAIN:schema_mode = rfc2307
   winbind nss info = rfc2307
   winbind use default domain = yes
   winbind nested groups=yes
   # so that the users show up in getent
   winbind enum users = Yes
   # doesn't seem to do the same for groups :-/
   winbind enum groups = Yes
   restrict anonymous = 2

In AD my group it has a gid 8001

#getent group it

in /etc/sudoers is the line

when I ssh to said machine like so

ssh myusername at problemhost

then run a command like so

> sudo echo
[sudo] password for myusername:
myusername is not in the sudoers file.  This incident will be reported.

I tried adding another line to /etc/sudoers as follows



but neither of them work either.

I seem to be able to get into the nfs shares I have group permissions to
but I can not get sudo to work with my AD user group.

More information about the samba mailing list