<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On 03/04/2013 09:14 PM, Steven Jones wrote:
    <blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4071628B7B@STAWINCOX10MBX1.staff.vuw.ac.nz"
      type="cite">
      <div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
        0); font-size: 10pt;">It seems sudo su - for admins no longer
        works<br>
        <br>
        =====<br>
        [jonesst1@8kxl72s ~]$ ssh vuwunicobandbd1.ods.vuw.ac.nz
        <a class="moz-txt-link-abbreviated" href="mailto:jonesst1@vuwunicobandbd1.ods.vuw.ac.nz">jonesst1@vuwunicobandbd1.ods.vuw.ac.nz</a>'s password: Last login:
        Thu Feb 28 11:33:11 2013 from 130.195.245.249 Kickstarted on
        2012-07-27 ORACLE_BASE environment variable is not being set
        since this information is not available for the current user ID
        jonesst1. You can set ORACLE_BASE manually if it is required.
        Running /apps/sct/banner8/admin/banenv...
        [jonesst1@vuwunicobandbd1 ~]$ sudo su - LDAP Config Summary
        =================== uri <a class="moz-txt-link-freetext" href="ldap://vuwunicoipam001.ods.vuw.ac.nz">ldap://vuwunicoipam001.ods.vuw.ac.nz</a>
        ldap_version 3 sudoers_base ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
        binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz
        bindpw <a class="moz-txt-link-abbreviated" href="http://www.apac.c0m">www.apac.c0m</a> bind_timelimit 5000000 ssl start_tls
        tls_checkpeer (no) tls_cacertfile /etc/ipa/ca.crt
        =================== sudo: ldap_set_option: debug -> 0 sudo:
        ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option:
        tls_cacertfile -> /etc/ipa/ca.crt sudo: ldap_set_option:
        tls_cacert -> /etc/ipa/ca.crt sudo: ldap_initialize(ld,
        <a class="moz-txt-link-freetext" href="ldap://vuwunicoipam001.ods.vuw.ac.nz">ldap://vuwunicoipam001.ods.vuw.ac.nz</a>) sudo: ldap_set_option:
        ldap_version -> 3 sudo:
        ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5000) sudo:
        ldap_start_tls_s() ok sudo: ldap_sasl_bind_s() ok sudo: no
        default options found in ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
        sudo: ldap search
        '(|(sudoUser=jonesst1)(sudoUser=%jonesst1)(sudoUser=%svnuser)(sudoUser=%ipausers)(sudoUser=%desktop-admins-test)(sudoUser=%steven-desktop)(sudoUser=%its-ops-servers)(sudoUser=%its-research-users-servers)(sudoUser=ALL))'

        sudo:
        found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
        sudo: ldap sudoHost 'vuwunicosas0002.ods.vuw.ac.nz' ... not
        sudo:
        found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
        sudo: ldap sudoHost '+servers' ... not sudo: ldap search
        'sudoUser=+*' sudo: user_matches=1 sudo: host_matches=0 sudo:
        sudo_ldap_lookup(0)=0x40 [sudo] password for jonesst1:
        <br>
        =====<br>
      </div>
    </blockquote>
    <br>
    Sorry this is hardly readable. Any chance you can paste something
    better formatted?<br>
    <br>
    <blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4071628B7B@STAWINCOX10MBX1.staff.vuw.ac.nz"
      type="cite">
      <div style="direction: ltr;font-family: Tahoma;color:
        #000000;font-size: 10pt;">
        <br>
        I get a host match failure, nisdomainname and domainname match<br>
        <br>
        ========<br>
        [root@vuwunicobandbd1 sssd]# domainname<br>
        ods.vuw.ac.nz<br>
        [root@vuwunicobandbd1 sssd]# nisdomainname<br>
        ods.vuw.ac.nz<br>
        [root@vuwunicobandbd1 sssd]# getent netgroup servers<br>
        servers              <br>
        =======<br>
        <br>
        but getent fails to return as above.  This was working in August
        but it seems that on all the RHEL6 servers sudo su - no longer
        works.<br>
        <br>
        any ideas please?<br>
        <div><br>
          <div style="font-family:Tahoma; font-size:13px">
            <p>regards</p>
            <p>Steven Jones</p>
            <p>Technical Specialist - Linux RHCE</p>
            <p>Victoria University, Wellington, NZ</p>
            <p>0064 4 463 6272</p>
          </div>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


</pre>
  </body>
</html>