[Freeipa-users] Issue IPA: AD Users and IPA Users when using SSS/LDAP with SUDO
Pavel Březina
pbrezina at redhat.com
Tue May 7 12:21:38 UTC 2013
On 05/03/2013 12:42 PM, Aly Khimji wrote:
> Hey Pavel/guys
>
> Any luck recreating the problem?
Hi,
sorry for the delay. I can confirm that sudo does not work with users
from trusted domain anymore. I created a ticket:
https://fedorahosted.org/sssd/ticket/1912
Patch for 1.9 branch is on sssd-devel list.
> Thx for the help
>
> Aly
>
>
> Thanks Pavel,
>
> Very much appreciated
>
> Aly
>
>
> On Tue, Apr 30, 2013 at 1:41 PM, Pavel Brezina <pbrezina at redhat.com
> <mailto:pbrezina at redhat.com>> wrote:
>
>
>
> ----- Original Message -----
> > From: "Pavel Březina" <pbrezina at redhat.com
> <mailto:pbrezina at redhat.com>>
> > To: "Aly Khimji" <aly.khimji at gmail.com <mailto:aly.khimji at gmail.com>>
> > Cc: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> > Sent: Monday, April 29, 2013 9:11:25 PM
> > Subject: Re: [Freeipa-users] Issue IPA: AD Users and IPA Users
> when using SSS/LDAP with SUDO
> >
> > On 04/29/2013 08:31 PM, Aly Khimji wrote:
> > > Hey Pavel/Guys,
> > >
> > > Do you see anything in the new logs that might help?
> > >
> > > I saw this bug
> https://bugzilla.redhat.com/show_bug.cgi?id=871160 that
> > > reports this issue exactly.
> > > However its reported as fixed but I am still having the same
> issue. I am
> > > building out a new test environment and I am also deploying a FC18
> > > client which seems to have newer sssd/libsss_sudo packages that i
> > > suppose haven't made it up stream yet
> > >
> > > Currently installed on my client
> > >
> > > libsss_sudo-1.9.2-82.7.el6_4.x86_64
> > > sssd-client-1.9.2-82.7.el6_4.x86_64
> > > libsss_idmap-1.9.2-82.7.el6_4.x86_64
> > > libsss_autofs-1.9.2-82.el6.x86_64
> > > sssd-1.9.2-82.7.el6_4.x86_64
> > >
> > > I've increased the logging to 10, just incase it helps. here it the
> > > sss_sudo log for a login, then sudo attempt
> > >
> > >
> > > Thx
> > >
> > > Aly
> >
> > Hi,
> > I'm sorry for such a late answer. The logs says, that in the time of
> > using sudo, the user akhimji is not present in the cache, which
> should
> > not happen if you managed to log in. I will try to reproduce the
> issue
> > first thing tomorrow and let you know.
>
> Hi,
> I'm sorry, I had some technical diffucilties and didn't manage to
> get to it today. Will try it as soon as possible.
>
>
More information about the Freeipa-users
mailing list