Hi folks long time reader first time poster just joined.

running into an issue with winbind connected to AD on a redhat 5 server.

Winbind allows root to take on any username from the network. With out even asking for a password.

so from a user with sudo they can sudo su username and login as a network user. Or they can use su and login as root then to a network user, I am new to winbind and other tools I have used in the past have not been able to do this, or at least it would ask for a password.

Any way to disable this or any one know how to force winbind to ask for a password when jumping from root to another user account ?