Feature:Extend privilege authorization to control domain users ability to SSH to the client #1239
Description
Is there an existing request for this feature?
- I have searched the existing issues and found none that matched mine
Describe the feature
I have a use case where I require domain users / groups to be able to log onto and manage with sudo privileges (if required) to Ubuntu clients that are headless (I have no requirement for the GUI to be installed).
Currently ADSYS does not cater for allowing users to be able to remote onto a client using SSH.
There are methods for allowing SSH access with domain authentication, but these methods do not tap into windows group policy. Benefits of GPO are centralised management and creating a standard configuration.
To me as a Ubuntu pro customer, I feel this is a huge hole in being able to integrate Ubuntu into a large windows environment.
Describe the ideal solution
The requirements would be:
- Currently running Jammy with ambition to move to Noble. Support for these versions.
- Standard users allowed to domain authenticate onto client using SSH with no sudo rights.
- Sudoer users allowed to domain authenticate onto client using SSH.
Alternatives and current workarounds
No response
Ubuntu users: System information
No response
Non Ubuntu users: System information
Environment
- adsys version: please run
adsysctl version - Distribution: (NAME in
/etc/os-release) - Distribution version: (VERSION_ID on
/etc/os-release):
Log files
Please redact/remove sensitive information:
adsys service logs can be acquired by running `adsysctl service cat -v`.
You can increase the amount of information displayed by increasing the verbosity level (-v) to -vv or -vvv.
Application settings
Please redact/remove sensitive information:
Paste the contents of your adsys.yaml file here, if you created one.
Additional information
No response
Double check your logs
- I have redacted any sensitive information from the logs