Mapping Ad account to Local Linux Group with Centrify Express on CentOS 6

Step 1. In order to add the AD User to the local User Group

adduser command is not nsswitch aware and do not recognize a user not locally defined when adding someone to a group.

# vim /etc/group
.....
.....
users:x:100:user1,user2

Step 2: Edit /etc/centrifydc/centrifydc.conf

Edit /etc/centrifydc/centrifydc.conf, uncomment and change the following parameter to true

# Merge local group membership from /etc/group into the Centrify group
# response for groups with the same name and gid.  This violates the NSS
# interface behavior and may have unexpected side effects, so it is
# disabled by default. You must run adreload to detect changes
# in the local group file.
#
adclient.local.group.merge:true

Step 3: Centrify Load and Flush

# adreload && adflush

Step 4: Check and verify.

Logon as user1

$ id -a
uid=.........gid=.......... 100(users) .....................

References:

  1. How to Add AD user local group

Add an Active Directory (AD) Domain Account to sudo on Centrify Express for CentOS 6

Adding a Active Directory (AD) Domain Account to /etc/sudo is fairly easy on Centrify Express for CentOS 6. Suppose you have an AD Group called “Sys_Admin”, just add it to the

.....
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%System_Admin ALL=(ALL)       ALL
.....

If it is an individual user, just get the userid from Active Directory

# getent passwd myuserid
user1:x:122:122:User1 Name:/home/user1:/bin/centrifyda

Update /etc/sudoers

.....
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%user1 ALL=(ALL)       ALL
.....

Do a final check on whether the sudo is working fine by doing

# sudo -l

Matching Defaults entries for user1 on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User user1 may run the following commands on this host:
(ALL) ALL