The following sudo lines do not work, despite the group being listed in both parameters (auto.schema.groups and auto.schema.allow.groups) in /etc/centrifydc/centrifydc.conf
The sudo version is 1.8
In the following example, "security admins" is the test group. Notice the space in the group name. Normally, the spaces are escaped with backslashes. The domain could also be specified previously.
%domain\\security\ admins ALL=(ALL) ALL
Or:
%domain\\security_admins ALL=(ALL) ALL
Both of the above should fail if a user in security admins tries to sudo to root.
Workaround:
Use underscores instead of spaces, additionally the feature for specifying a domain has been depreciated.
The following example will work:
%security_admins ALL=(ALL) ALL