Добрый день!
Подскажите как добавить группу из Active Directory в группу astra-admin?
Доменные пользователи логинятся нормально, но добавить группу в sudo я не могу 
Подскажите как добавить группу из Active Directory в группу astra-admin?
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13roxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
aldd:x:105:109:ALD Daemon Account,,,:/var/lib/ald:/bin/false
Debian-exim:x:106:110::/var/spool/exim4:/bin/false
nslcd:x:107:111:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
messagebus:x:108:112::/var/run/dbus:/bin/false
statd:x:109:65534::/var/lib/nfs:/bin/false
ntp:x:110:115::/home/ntp:/bin/false
postgres:x:111:117ostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
sshd:x:112:65534::/run/sshd:/usr/sbin/nologin
logcheck:x:113:118:logcheck system account,,,:/var/lib/logcheck:/bin/false
admin-sibi:x:1000:1000:,,,:/home/admin-sibi:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13
roxy:/bin:/usr/sbin/nologinwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
aldd:x:105:109:ALD Daemon Account,,,:/var/lib/ald:/bin/false
Debian-exim:x:106:110::/var/spool/exim4:/bin/false
nslcd:x:107:111:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
messagebus:x:108:112::/var/run/dbus:/bin/false
statd:x:109:65534::/var/lib/nfs:/bin/false
ntp:x:110:115::/home/ntp:/bin/false
postgres:x:111:117
ostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashsshd:x:112:65534::/run/sshd:/usr/sbin/nologin
logcheck:x:113:118:logcheck system account,,,:/var/lib/logcheck:/bin/false
admin-sibi:x:1000:1000:,,,:/home/admin-sibi:/bin/bash
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:logcheck
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:admin-sibi
floppy:x:25:admin-sibi
tape:x:26:
sudo:x:27:adminsibi
audio:x:29:admin-sibi
dip:x:30:admin-sibi
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:admin-sibi
sasl:x:45:
plugdev:x:46:admin-sibi
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
systemd-bus-proxy:x:105:
input:x:106:
crontab:x:107:
netdev:x:108:admin-sibi
aldd:x:109:
Debian-exim:x:110:
nslcd:x:111:
messagebus:x:112:
ssh:x:113:
lpadmin:x:114:admin-sibi
ntp:x:115:
ssl-cert:x:116ostgres
postgres:x:117:
logcheck:x:118:
lpmac:x:900:
admin-sibi:x:1000:
astra-admin:x:1001:admin-sibi
astra-console:x:333:admin-sibi
rdma:x:119:
winbindd_priv:x:120:
sambashare:x:121:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:logcheck
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:admin-sibi
floppy:x:25:admin-sibi
tape:x:26:
sudo:x:27:adminsibi
audio:x:29:admin-sibi
dip:x:30:admin-sibi
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:admin-sibi
sasl:x:45:
plugdev:x:46:admin-sibi
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-journal:x:101:
systemd-timesync:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
systemd-bus-proxy:x:105:
input:x:106:
crontab:x:107:
netdev:x:108:admin-sibi
aldd:x:109:
Debian-exim:x:110:
nslcd:x:111:
messagebus:x:112:
ssh:x:113:
lpadmin:x:114:admin-sibi
ntp:x:115:
ssl-cert:x:116
ostgrespostgres:x:117:
logcheck:x:118:
lpmac:x:900:
admin-sibi:x:1000:
astra-admin:x:1001:admin-sibi
astra-console:x:333:admin-sibi
rdma:x:119:
winbindd_priv:x:120:
sambashare:x:121:
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-11-05 17:21:25 MSK; 30min ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1217 (winbindd)
Status: "winbindd: ready to serve connections..."
Tasks: 5 (limit: 4915)
CGroup: /system.slice/winbind.service
├─1217 /usr/sbin/winbindd --foreground --no-process-group
├─1241 winbindd: domain child [YYYYYY]
├─1247 winbindd: domain child [ХХХХХХ]
├─1267 winbindd: idmap child
└─1269 winbindd: domain child [BUILTIN]
Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-11-05 17:21:25 MSK; 30min ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1217 (winbindd)
Status: "winbindd: ready to serve connections..."
Tasks: 5 (limit: 4915)
CGroup: /system.slice/winbind.service
├─1217 /usr/sbin/winbindd --foreground --no-process-group
├─1241 winbindd: domain child [YYYYYY]
├─1247 winbindd: domain child [ХХХХХХ]
├─1267 winbindd: idmap child
└─1269 winbindd: domain child [BUILTIN]
administrator
guest
defaultaccount
krbtgt
...
guest
defaultaccount
krbtgt
...
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
cloneable domain controllers
protected users
key admins
enterprise key admins
dnsadmins
dnsupdateproxy
dhcp users
dhcp administrators
...
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
cloneable domain controllers
protected users
key admins
enterprise key admins
dnsadmins
dnsupdateproxy
dhcp users
dhcp administrators
...
