Link sudoers in Linux (CentOS 7) with an Active Directory group
Assignment: create an Active Directory group for Linux administrators who need root privileges (sudo su) with no password required.
1. Create a linuxadm group on the Active Directory server with group type: Security.
2. Add the Active Directory user account to the linuxadm group (e.g. Bruce Wayne).
3. Add the Active Directory group to the sudoers file (/etc/sudoers) using visudo on the Linux server. The group is written as DOMAIN\group with the backslash doubled, because sudoers treats a single backslash as an escape character; visudo checks the syntax before saving, so a typo here cannot lock you out of sudo.
[root@labnfs ~]# visudo
%BATMAN.LOCAL\\linuxadm ALL=(ALL) NOPASSWD: ALL
4. Check the UID before and after running "sudo su" on the Linux server with the Active Directory user account to confirm that the rule applies.
aghiel@aghiel-mbproi9 ~ % ssh bruce@labnfs
bruce@labnfs's password:
[bruce@labnfs ~]$
[bruce@labnfs ~]$ id
uid=215401106(bruce) gid=215400513(domain users) groups=215400513(domain users),215401120(linuxadm) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[bruce@labnfs ~]$ sudo su
[root@labnfs bruce]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@labnfs bruce]#
Note: group membership is evaluated when the user logs in, so after you add a user to or remove a user from the Active Directory group, the user must log out of the Linux server and log in again before the change takes effect. If the server was joined through SSSD, its local cache can delay the change further; running sss_cache -G linuxadm on the server forces the group entry to be refreshed.
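The steps above as one script, added here as an example and not part of the original post. It builds the sudoers rule with the backslash escaped correctly, installs it as a drop-in under /etc/sudoers.d (which the default CentOS 7 /etc/sudoers already includes) only after visudo -c has accepted it, and checks an account's membership by parsing the output of id. The domain BATMAN.LOCAL and the group linuxadm are taken from the post; the sample id line is the one shown above, and the assumption that the host resolves the DOMAIN\group spelling through getent (true for SSSD's AD provider) is not stated on the page.

```shell
#!/bin/sh
# Added example (not from the original post): build, validate and verify a
# sudoers rule granting an Active Directory group passwordless root.
# Assumed values from the post: domain BATMAN.LOCAL, group linuxadm.
set -eu

DOMAIN="BATMAN.LOCAL"
GROUP="linuxadm"

# Print the sudoers line for a domain group. sudoers parses '\' as an escape,
# so the single backslash in DOMAIN\group must appear as '\\' in the file.
# Third argument "no" drops the NOPASSWD tag (password required).
sudoers_rule() {
    rule_dom="$1"; rule_grp="$2"; rule_nopw="${3:-yes}"
    if [ "$rule_nopw" = yes ]; then rule_tag="NOPASSWD: "; else rule_tag=""; fi
    printf '%%%s\\\\%s ALL=(ALL) %sALL\n' "$rule_dom" "$rule_grp" "$rule_tag"
}

# Write the rule to a temporary file, let visudo parse it, and only then
# install it as /etc/sudoers.d/<group> (mode 0440, as sudo requires).
# A rejected file is never installed, so sudo keeps working. Run as root.
install_rule() {
    tmp=$(mktemp)
    sudoers_rule "$1" "$2" > "$tmp"
    visudo -cf "$tmp"
    install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$2"
    rm -f "$tmp"
}

# Take one line of `id` output and print the bare group names, one per line.
# The SELinux context is stripped first because the groups field may contain
# spaces (e.g. "domain users") and the context follows it on the same line.
id_groups() {
    printf '%s\n' "$1" \
      | sed -e 's/ context=.*$//' -e 's/.*groups=//' \
      | tr ',' '\n' \
      | sed 's/^[0-9]*(\(.*\))$/\1/'
}

# in_group "<id output>" <group>: exit 0 if the group is in the list.
in_group() {
    id_groups "$1" | grep -qxF "$2"
}

# Constructed sample (copied from the session in the post) for offline use.
SAMPLE_ID='uid=215401106(bruce) gid=215400513(domain users) groups=215400513(domain users),215401120(linuxadm) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'

# Live check, run only when a user name is given:  ./ad_sudo.sh bruce
# (as root, to install the rule and to list the user's sudo privileges).
if [ $# -gt 0 ]; then
    user="$1"
    # The group must resolve through NSS under the exact spelling used in
    # sudoers, otherwise sudo can never match it.
    getent group "${DOMAIN}\\${GROUP}" >/dev/null \
        || { echo "${DOMAIN}\\${GROUP} does not resolve via getent" >&2; exit 1; }
    install_rule "$DOMAIN" "$GROUP"
    in_group "$(id "$user")" "$GROUP" \
        || { echo "$user is not a member of $GROUP (re-login or flush the cache)" >&2; exit 1; }
    # Show the rules sudo would apply to that account without switching to it.
    sudo -l -U "$user"
fi
```

Without arguments the script only defines the functions, so it can be sourced to reuse in_group on id output captured elsewhere; with a user name it performs the full install-and-verify pass on the joined host.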