<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">>
Do you have "sudo: files sss" or "sudoers: files sss"? The former
doesn't do anything; the latter is correct.
<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">My
mistake, I meant<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">
sudoers: files sss<br>
<br>
But oddly, out of the three 16.04 boxes I set up and enrolled, it
was missing on one of them - and this happened to be the one I was
checking logs on :-( (However, sudo fails in the same way on all
three machines)<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">So
after adding this I've rechecked logs.</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">/var/log/sudo-debug
is the same, in particular it still shows "policy plugin returns
0" and nothing after.<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">With
sss_debuglevel 5, /var/log/sssd/sssd_IPA.EXAMPLE.COM.log has<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">...<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): ruser: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): rhost:<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): authtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): newauthtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): priv: 0<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): cli_pid: 22709<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[pam_print_data] (0x0100): logon name: not set<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[ipa_hostgroup_info_done] (0x0200): Dereferenced host group:
normal_hosts<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[ipa_hostgroup_info_done] (0x0200): Dereferenced host group:
development_hosts<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[hbac_get_category] (0x0200): Category is set to 'all'.<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule
[allow_normal_hosts]<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
&lt;NULL&gt;) [Success]<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
Success) [Success]<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[be_pam_handler_callback] (0x0100): Sending result
[0][IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:37 2017) [sssd[be[IPA.EXAMPLE.COM]]]
[be_pam_handler_callback] (0x0100): Sent result
[0][IPA.EXAMPLE.COM]</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">("allow_normal_hosts"
is indeed the name of the rule in FreeIPA database)<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">sssd.log
has:</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">(Wed
May 3 08:50:35 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].<br>
(Wed May 3 08:50:35 2017) [sssd[nss]] [sss_cmd_get_version]
(0x0200): Offered version [1].<br>
(Wed May 3 08:50:35 2017) [sssd[nss]]
[sss_parse_name_for_domains] (0x0200): name 'root' matched without
domain, user is root<br>
(Wed May 3 08:50:35 2017) [sssd[nss]] [nss_cmd_getbynam]
(0x0100): Requesting info for [root] from [&lt;ALL&gt;]<br>
(Wed May 3 08:50:35 2017) [sssd[nss]] [nss_cmd_initgroups_search]
(0x0080): No matching domain found for [root], fail!<br>
(Wed May 3 08:50:37 2017) [sssd[nss]] [client_recv] (0x0200):
Client disconnected!</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">(Hmm,
suspicious that error about "root" ??)<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">sssd_sudo.log
has:</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">(Wed
May 3 08:50:35 2017) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]] [sss_cmd_get_version]
(0x0200): Offered version [1].<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_cmd_parse_query_done] (0x0200): Requesting default
options for [brian.candler] from [&lt;ALL&gt;]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]] [sudosrv_get_user]
(0x0200): Requesting info about [brian.candler@IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=brian.candler)(sudoUser=#1211000003)(sudoUser=%security_administrators)(sudoUser=%admins)(sudoUser=%network_readonly)(sudoUser=%vpn)(sudoUser=%system_administrators)(sudoUser=%ipausers)(sudoUser=%staff)(sudoUser=%brian.candler)(sudoUser=+*))(&(dataExpireTimestamp<=1493801435)))]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(name=defaults)))]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for
[brian.candler] from [&lt;ALL&gt;]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]] [sudosrv_get_user]
(0x0200): Requesting info about [brian.candler@IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=brian.candler)(sudoUser=#1211000003)(sudoUser=%security_administrators)(sudoUser=%admins)(sudoUser=%network_readonly)(sudoUser=%vpn)(sudoUser=%system_administrators)(sudoUser=%ipausers)(sudoUser=%staff)(sudoUser=%brian.candler)(sudoUser=+*))(&(dataExpireTimestamp<=1493801435)))]<br>
(Wed May 3 08:50:35 2017) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=brian.candler)(sudoUser=#1211000003)(sudoUser=%security_administrators)(sudoUser=%admins)(sudoUser=%network_readonly)(sudoUser=%vpn)(sudoUser=%system_administrators)(sudoUser=%ipausers)(sudoUser=%staff)(sudoUser=%brian.candler)(sudoUser=+*)))]<br>
(Wed May 3 08:50:37 2017) [sssd[sudo]] [client_recv] (0x0200):
Client disconnected!</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">sssd_pam.log
has:</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">(Wed
May 3 08:50:37 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Received client version [3].<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [sss_cmd_get_version]
(0x0200): Offered version [3].<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_cmd_authenticate]
(0x0100): entering pam_cmd_authenticate<br>
(Wed May 3 08:50:37 2017) [sssd[pam]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_AUTHENTICATE<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
user: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sudo<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
tty: /dev/pts/1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
ruser: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
rhost: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
priv: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 22709<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
logon name: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_check_user_search]
(0x0100): Requesting info for [brian.candler@IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
Sending request with the following data:<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_AUTHENTICATE<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: IPA.EXAMPLE.COM<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
user: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sudo<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
tty: /dev/pts/1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
ruser: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
rhost: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
priv: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 22709<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
logon name: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dom_forwarder]
(0x0100): pam_dp_send_req returned 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dp_process_reply]
(0x0200): received: [0 (Success)][IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_reply] (0x0200):
pam_reply called with result [0]: Success.<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_reply] (0x0200):
pam_reply called with result [0]: Success.<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_reply] (0x0200): blen:
83<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_cmd_acct_mgmt]
(0x0100): entering pam_cmd_acct_mgmt<br>
(Wed May 3 08:50:37 2017) [sssd[pam]]
[sss_parse_name_for_domains] (0x0200): name 'brian.candler'
matched without domain, user is brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_ACCT_MGMT<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
user: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sudo<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
tty: /dev/pts/1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
ruser: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
rhost: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
priv: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 22709<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
logon name: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_check_user_search]
(0x0100): Requesting info for [brian.candler@IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
Sending request with the following data:<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_ACCT_MGMT<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: IPA.EXAMPLE.COM<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
user: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sudo<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
tty: /dev/pts/1<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
ruser: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
rhost: not set<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
priv: 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 22709<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_print_data] (0x0100):
logon name: brian.candler<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dom_forwarder]
(0x0100): pam_dp_send_req returned 0<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_dp_process_reply]
(0x0200): received: [0 (Success)][IPA.EXAMPLE.COM]<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_reply] (0x0200):
pam_reply called with result [0]: Success.<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [pam_reply] (0x0200): blen:
34<br>
(Wed May 3 08:50:37 2017) [sssd[pam]] [client_recv] (0x0200):
Client disconnected!</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;"><br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">I
probably should have said: logging into the machine with an IPA
account works fine, and "id brian.candler" works fine. It's just
sudo which is failing.<br>
</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">
> If you crank up debugging in the sudo section in sssd.conf, do
you see any activity at all? Do you have
'/usr/lib64/libsss_sudo.so' installed? On Fedora/RHEL, this is
provided by libsss_sudo; I don't know what provides it on Debian.</p>
<p style="color: rgb(0, 0, 0); font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none; widows:
2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-style: initial; text-decoration-color: initial;">Yes
it's there, in this package:<br>
</p>
ii libsss-sudo
1.13.4-1ubuntu1.2 amd64 Communicator
library for sudo<br>
<br>
# ls -l /usr/lib/x86_64-linux-gnu/libsss_sudo.so<br>
-rw-r--r-- 1 root root 19048 Feb 23 17:53
/usr/lib/x86_64-linux-gnu/libsss_sudo.so<br>
<br>
# file /usr/lib/x86_64-linux-gnu/libsss_sudo.so<br>
/usr/lib/x86_64-linux-gnu/libsss_sudo.so: ELF 64-bit LSB shared
object, x86-64, version 1 (SYSV), dynamically linked,
BuildID[sha1]=7eb72ec85bdd76aca8d82e03a3fad9aa12abc0ba, stripped<br>
<br>
Regards,<br>
<br>
Brian.<br>
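<p>Added example, not part of the original message: a shell check for the nsswitch.conf point raised at the top of the thread (only a <code>sudoers:</code> line that lists <code>sss</code> takes effect), applied to several hosts' files so that one host lacking the line stands out. The function names and the sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: classify the sudo entry of an nsswitch.conf-style file.
# Prints one of: ok, no-sss, misnamed, missing. Exit status 0 only for "ok".
check_sudoers_nss() {
    awk '
        {
            sub(/#.*/, "")                      # strip comments
            n = index($0, ":")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", key)
            if (key == "sudo") misnamed = 1     # the key the thread says does nothing
            if (key != "sudoers") next
            found = 1
            m = split(substr($0, n + 1), src, /[ \t]+/)
            for (i = 1; i <= m; i++) if (src[i] == "sss") sss = 1
        }
        END {
            if (found && sss) { print "ok"; exit 0 }
            if (found)        { print "no-sss"; exit 1 }
            if (misnamed)     { print "misnamed"; exit 1 }
            print "missing"; exit 1
        }
    ' "${1:-/etc/nsswitch.conf}"
}

# Check one file per host and report each; returns non-zero if any host is
# not "ok", which catches a single host that differs from the others.
audit_nss_files() {
    rc=0
    for f in "$@"; do
        status=$(check_sudoers_nss "$f") || rc=1
        printf '%s: %s\n' "$f" "$status"
    done
    return "$rc"
}

# Constructed sample files standing in for three enrolled hosts.
make_samples() {
    printf 'passwd: compat sss\nsudoers: files sss\n' > "$1/host1.conf"
    printf 'passwd: compat sss\ngroup: compat sss\n'  > "$1/host2.conf"
    printf 'passwd: compat sss\nsudo: files sss\n'    > "$1/host3.conf"
}

# Stand-alone demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_samples "$tmp"
    audit_nss_files "$tmp"/host1.conf "$tmp"/host2.conf "$tmp"/host3.conf || true
    rm -rf "$tmp"
fi
```

<p>A result of "ok" only confirms that sudo is told to consult SSSD; as the message above shows, sudo can still fail with the line in place.</p>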
</body>
</html>