Grant local rights (SLES10.2) to domain users (AD)

We’re working on a solution to add our SLES(10.2) servers in our Windows
Our SLES servers are primairily used for Oracle databases and the
domain users which are granted access are DBA-administrators.

We’ve joined the server to the domain and can succesfully login with
our domain account.
Futhermore, we edited the file /etc/security/pam_winbind.conf so that
only members of the “linux”-group (AD security group)
can login to the server. Next we’ve edited our /etc/sudoers file so
that those users can run only commands as user “oracle” (sudo -u oracle

So Far, all is well.

The problem is that the domain-user has no rights to the directory
where the commands (bv. sqlplus) are located.
We tried to add the domain user to the /etc/group
(groupname:!:107:oracle,DOMAIN\domainuser). That didn’t work.

How can we give out local rights to domain users? Or are there any
other solutions?


fogier’s Profile:
View this thread:


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

  • Visit and search the knowledgebase and/or check all
    the other self support options and support programs available.
  • You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team