February 6, 2018

Allow Active Directory Domain Users to sudo without password

By Geekphreek

Sometimes it’s painful to do something that should be so simple. Once you’ve gotten through the pain of doing SSSD/AD joining, you’ll want domain groups to be able to do “stuff” without hindrance, maybe. Try this line in the file in /etc/sudoers.d/sudoers (you’ll have to create it):

%domain\ users ALL=(ALL) NOPASSWD: /bin/mount, /bin/umount

Okay, that’s quite unsafe but it gives you a clue.