<div dir="ltr"><div><div>Cory, </div>Thanks for the update and link. And a big thanks to everyone else for their time looking at this. I also was able to install the referenced .deb and now sudo works as expected. </div>Jeff <div class="gmail_extra"> <div class="gmail_quote">On Tue, Aug 30, 2016 at 12:46 PM, Cory Francis Myers <<a href="mailto:cory@trinitymobilenetworks.com" target="_blank">cory@trinitymobilenetworks.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Pavel Březina | Tue, 30 Aug 2016 02:59:55 -0700: > unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16 > contains a new option called netgroup_tuple, which tells whether a > full netgroup tuply is check or only the host/user part in host/user > check. However, the patch didn't make the sssd plugin to obey this > option and it always check both hostname and username. > > It is fixed in 1.8.17 by this patch: > <a href="https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7" rel="noreferrer" target="_blank">https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7</a> > > Please, report bug against Ubuntu sudo to backport this patch or rebase > sudo. Already open on Launchpad, it looks like: <a href="https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666" rel="noreferrer" target="_blank">https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666</a> sudo 1.8.17 installed from "sudo_1.8.17-2_amd64.deb"[1] is working for us now. Thank you for the suggestion. Jeff, I hope you have the same good luck. --- cfm. [1] <a href="https://www.sudo.ws/download.html" rel="noreferrer" target="_blank">https://www.sudo.ws/download.html</a> -- Manage your subscription for the Freeipa-users mailing list: <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project </blockquote></div> </div></div>