The big prerequisite is that you have to have Samba and Winbind properly set up to authenticate your Linux boxes against Active Directory. Read Samba’s documentation and refer to my InteropWiki notes for help.
Once you’re able to log in to Linux as an Active Directory user, running the id command should display something like this:
uid=13930(michael) gid=10512(domain admins) groups=10512(domain admins),10513(domain users),11006(teachers),11607(sti everyone 2),11608(sti jr. high),11609(sti high school),11610(sti grade school)
Where groups=… is a list of the Active Directory groups of which your user is a member.
Run the visudo command as root:
michael@mail:~$ su -
Password: –root’s password–
In the editor (probably vim or nano) scroll to the end and add the following line:
%domain\ admins ALL= ALL
The % sign means the following name is a group name, and you need the backslash in order to use group names with spaces. Vim’s syntax highlighting doesn’t seem to properly parse the group name after the backslash, but sudo will know what you’re talking about.
Save the file, exit the editor, and now all of your Domain Admins have root access!
To run a command as root simply prepend the sudo command:
michael@mail:~$ sudo aptitude
You’ll be asked to enter your password (not root’s!) only once as long as you continue to use sudo within a specific timeout period.
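The following shell script is an added example, not part of the original post. It turns a group name from the id output above into the escaped %group form used in the sudoers line, confirms the user is really in that group, and syntax-checks the rule in a scratch file with visudo -c -f when visudo is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. ID_OUTPUT is the id line shown in the post; all function
# names below are made up for this illustration.
ID_OUTPUT='uid=13930(michael) gid=10512(domain admins) groups=10512(domain admins),10513(domain users),11006(teachers),11607(sti everyone 2),11608(sti jr. high),11609(sti high school),11610(sti grade school)'

# Print each group name from an id(1) line, one per line.
list_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed 's/^[0-9]*(\(.*\))$/\1/'
}

# Escape a group name for sudoers: a backslash before each space and before
# the characters sudoers treats as special inside a name (! = : , ( ) \).
sudoers_group() {
    printf '%%%s\n' "$(printf '%s' "$1" | sed 's/[\\ !=:,()]/\\&/g')"
}

# Build the rule from the post for the given group.
sudoers_rule() {
    printf '%s ALL= ALL\n' "$(sudoers_group "$1")"
}

# Succeed only if the id line lists the group exactly as given, so a
# mistyped group name is caught before the rule goes into sudoers.
in_group() {
    list_groups "$2" | grep -Fxq -- "$1"
}

# Write the rule to a scratch file and, where visudo is installed,
# syntax-check it there without touching /etc/sudoers.
check_rule() {
    tmp=$(mktemp) || return 1
    sudoers_rule "$1" > "$tmp"
    rc=0    # stays 0 when visudo is absent and the check is skipped
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$tmp" >/dev/null 2>&1 || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

if in_group "domain admins" "$ID_OUTPUT"; then
    sudoers_rule "domain admins"
    check_rule "domain admins" || echo "visudo rejected the rule" >&2
fi
```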