[Freeipa-users] Issue IPA: AD Users and IPA Users when using SSS/LDAP with SUDO

Tue May 7 12:21:38 UTC 2013

On 05/03/2013 12:42 PM, Aly Khimji wrote:
> Hey Pavel/guys
>
> Any luck recreating the problem?

Hi,
sorry for the delay. I can confirm that sudo does not work with users 
from trusted domain anymore. I created a ticket:

https://fedorahosted.org/sssd/ticket/1912

Patch for 1.9 branch is on sssd-devel list.

> Thx for the help
>
> Aly
>
>
> Thanks Pavel,
>
> Very much appreciated
>
> Aly
>
>
> On Tue, Apr 30, 2013 at 1:41 PM, Pavel Brezina <pbrezina at redhat.com
> <mailto:pbrezina at redhat.com>> wrote:
>
>
>
>     ----- Original Message -----
>      > From: "Pavel Březina" <pbrezina at redhat.com
>     <mailto:pbrezina at redhat.com>>
>      > To: "Aly Khimji" <aly.khimji at gmail.com <mailto:aly.khimji at gmail.com>>
>      > Cc: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>      > Sent: Monday, April 29, 2013 9:11:25 PM
>      > Subject: Re: [Freeipa-users] Issue IPA: AD Users and IPA Users
>     when using SSS/LDAP with SUDO
>      >
>      > On 04/29/2013 08:31 PM, Aly Khimji wrote:
>      > > Hey Pavel/Guys,
>      > >
>      > > Do you see anything in the new logs that might help?
>      > >
>      > > I saw this bug
>     https://bugzilla.redhat.com/show_bug.cgi?id=871160 that
>      > > reports this issue exactly.
>      > > However its reported as fixed but I am still having the same
>     issue. I am
>      > > building out a new test environment and I am also deploying a FC18
>      > > client which seems to have newer sssd/libsss_sudo packages that i
>      > > suppose haven't made it up stream yet
>      > >
>      > > Currently installed on my client
>      > >
>      > > libsss_sudo-1.9.2-82.7.el6_4.x86_64
>      > > sssd-client-1.9.2-82.7.el6_4.x86_64
>      > > libsss_idmap-1.9.2-82.7.el6_4.x86_64
>      > > libsss_autofs-1.9.2-82.el6.x86_64
>      > > sssd-1.9.2-82.7.el6_4.x86_64
>      > >
>      > > I've increased the logging to 10, just incase it helps. here it the
>      > > sss_sudo log for a login, then sudo attempt
>      > >
>      > >
>      > > Thx
>      > >
>      > > Aly
>      >
>      > Hi,
>      > I'm sorry for such a late answer. The logs says, that in the time of
>      > using sudo, the user akhimji is not present in the cache, which
>     should
>      > not happen if you managed to log in. I will try to reproduce the
>     issue
>      > first thing tomorrow and let you know.
>
>     Hi,
>     I'm sorry, I had some technical diffucilties and didn't manage to
>     get to it today. Will try it as soon as possible.
>
>