<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 03/04/2013 09:14 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4071628B7B@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">It seems sudo su - for admins nolonger
works<br>
<br>
=====<br>
[jonesst1@8kxl72s ~]$ ssh vuwunicobandbd1.ods.vuw.ac.nz
<a class="moz-txt-link-abbreviated" href="mailto:jonesst1@vuwunicobandbd1.ods.vuw.ac.nz">jonesst1@vuwunicobandbd1.ods.vuw.ac.nz</a>'s password: Last login:
Thu Feb 28 11:33:11 2013 from 130.195.245.249 Kickstarted on
2012-07-27 ORACLE_BASE environment variable is not being set
since this information is not available for the current user ID
jonesst1. You can set ORACLE_BASE manually if it is required.
Running /apps/sct/banner8/admin/banenv...
[jonesst1@vuwunicobandbd1 ~]$ sudo su - LDAP Config Summary
=================== uri <a class="moz-txt-link-freetext" href="ldap://vuwunicoipam001.ods.vuw.ac.nz">ldap://vuwunicoipam001.ods.vuw.ac.nz</a>
ldap_version 3 sudoers_base ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz
bindpw <a class="moz-txt-link-abbreviated" href="http://www.apac.c0m">www.apac.c0m</a> bind_timelimit 5000000 ssl start_tls
tls_checkpeer (no) tls_cacertfile /etc/ipa/ca.crt
=================== sudo: ldap_set_option: debug -> 0 sudo:
ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option:
tls_cacertfile -> /etc/ipa/ca.crt sudo: ldap_set_option:
tls_cacert -> /etc/ipa/ca.crt sudo: ldap_initialize(ld,
<a class="moz-txt-link-freetext" href="ldap://vuwunicoipam001.ods.vuw.ac.nz">ldap://vuwunicoipam001.ods.vuw.ac.nz</a>) sudo: ldap_set_option:
ldap_version -> 3 sudo:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5000) sudo:
ldap_start_tls_s() ok sudo: ldap_sasl_bind_s() ok sudo: no
default options found in ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap search
'(|(sudoUser=jonesst1)(sudoUser=%jonesst1)(sudoUser=%svnuser)(sudoUser=%ipausers)(sudoUser=%desktop-admins-test)(sudoUser=%steven-desktop)(sudoUser=%its-ops-servers)(sudoUser=%its-research-users-servers)(sudoUser=ALL))'
sudo:
found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap sudoHost 'vuwunicosas0002.ods.vuw.ac.nz' ... not
sudo:
found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap sudoHost '+servers' ... not sudo: ldap search
'sudoUser=+*' sudo: user_matches=1 sudo: host_matches=0 sudo:
sudo_ldap_lookup(0)=0x40 [sudo] password for jonesst1:
<br>
=====<br>
</div>
</blockquote>
<br>
Sorry this is hardly readable. Any chance you can paste something
better formatted?<br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4071628B7B@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<br>
I get a host match failure, nisdomainname and domainname match<br>
<br>
========<br>
[root@vuwunicobandbd1 sssd]# domainname<br>
ods.vuw.ac.nz<br>
[root@vuwunicobandbd1 sssd]# nisdomainname<br>
ods.vuw.ac.nz<br>
[root@vuwunicobandbd1 sssd]# getent netgroup servers<br>
servers <br>
=======<br>
<br>
but getent fails to return as above. This was working in August
but it seems that on all the RHEL6 servers sudo su - no longer
works.<br>
<br>
any ideas please?<br>
<div><br>
<div style="font-family:Tahoma; font-size:13px">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272</p>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>