Search the VMware Knowledge Base (KB)
View by Article ID

Setting up sudo with Active Directory accounts (1027766)

  • 5 Ratings

Symptoms

  • Using the Active Directory integration function in VMware ESX 4.1, you cannot use the sudo command to view logs
  • The user is logged as DOMAIN\user_name

Purpose

This article provides a procedure to set up sudo with active directory accounts by adding Active Directory groups into the /etc/sudoers file.

Resolution

To add Active Directory groups to the sudoer file:
 
Note: In this procedure replace MYDOMAIN with your domain name and the group called ESX_Admins with the group name containing your Administrator accounts (MYDOMAIN\ESX Admins ).
  1. SSH to the host with root credentials
  2. Change directory to /etc: 

    cd /etc

  3. Backup the sudoers file:

    cp sudoers sudoers.orig

  4. Open the /etc/sudoers file in a text editor.
  5. Uncomment %wheel in one of the following lines depending on the intended behavior desired:

    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL

    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL 


  6. Add your domain and group under the %wheel identifier:

    For example:
    • %MYDOMAIN\\ESX\ Admins ALL = (ALL) ALL
    • %MYDOMAIN\\Active\ Directory\ Admin ALL = (ALL) ALL

      Note
      : The \ in the above examples is used to escape the spaces in the names ESX Admins and Active Directory Admin .

  7. Save and quit the /etc/sudoers file.
Notes:
  • Run this command to list the groups and save it into a groups.txt file in the /var/log/ directory:

    # lw-lsa enum-groups > /var/log/groups.txt

  • If you are not prompted for password, you may need to restart the server.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 5 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 5 Ratings
Actions
KB: