[Freeipa-users] users AD can not sudo in centos 6.5

Jakub Hrozek jhrozek at redhat.com
Mon Aug 25 11:58:41 UTC 2014


On Mon, Aug 25, 2014 at 12:12:26PM +0200, Dmitri Pal wrote:
> On 08/25/2014 12:01 PM, alireza baghery wrote:
> >hi
> >I integrated AD Windows 208 R2 with an IPA server (CentOS 6.5).
> >I wrote a sudo policy with access for a specified user and host, allowing
> >any command.
> >The user can execute sudo on CentOS 7, but when the user logs in on CentOS 6.5
> >they cannot execute sudo and get the error below:
> >user at AD is not in sudoers file.
> >i configure /etc/nsswitch.conf --sudoers: file sss
> >/etc/sss/sss.conf----service nss, pam,ssh,sudo
> >/etc/sysconfig/network ----- NISDOMAIN=ad.com
> >
> >
> >
> 
> AFAIR there was a bug in 6.5 around sudo and AD users; it has been fixed in
> Fedora, but I am not sure it has made its way into all distros yet.

Yes, it would be best if you could run both sudo and SSSD with more debugging
enabled.

For sudo logs, something like:
               Debug sudo /tmp/sudo_debug all@debug
should produce pretty verbose logs.

SSSD debug_level should be enabled in [sudo] and [domain] sections.
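
A read-only check of the client-side settings named in this thread (the `sudoers:` sources, the SSSD `services` list, `debug_level` in `[sudo]` and `[domain/...]`, and the sudo.conf `Debug` line), as an added example that is not part of the original messages. The function names, the sample files, the `example.test` domain and the `debug_level` value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only checks of the client settings
# discussed above. Each function takes the path of the file to inspect.

# Succeeds if the "sudoers:" line of an nsswitch.conf lists the "sss" source.
nss_sudoers_has_sss() {
    awk '$1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "sss") ok = 1 }
         END { exit !ok }' "$1"
}

# Succeeds if "services" in the [sssd] section of sssd.conf includes "sudo".
sssd_services_has_sudo() {
    awk -F= '/^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/); next }
        in_sssd && $1 ~ /^[ \t]*services[ \t]*$/ {
            n = split($2, svc, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (svc[i] == "sudo") ok = 1 }
        END { exit !ok }' "$1"
}

# Prints each [sudo] or [domain/...] section that has no debug_level line.
sssd_sections_missing_debug() {
    awk 'function report() { if (want && !seen) print name }
        /^[ \t]*\[/ { report(); name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            want = (name == "sudo" || name ~ /^domain\//); seen = 0; next }
        /^[ \t]*debug_level[ \t]*=/ { seen = 1 }
        END { report() }' "$1"
}

# Succeeds if sudo.conf has a "Debug sudo <file> <priorities>" line.
sudo_conf_has_debug() {
    awk '$1 == "Debug" && $2 == "sudo" && NF >= 4 { ok = 1 } END { exit !ok }' "$1"
}

# Constructed sample files; "example.test" is a placeholder domain name and
# the debug_level value is an assumed one (the thread does not give a number).
demo=$(mktemp -d)
printf 'passwd: files sss\nsudoers: files sss\n' > "$demo/nsswitch.conf"
printf '[sssd]\nservices = nss, pam,ssh,sudo\n[sudo]\ndebug_level = 6\n[domain/example.test]\nid_provider = ipa\n' > "$demo/sssd.conf"
printf 'Debug sudo /tmp/sudo_debug all@debug\n' > "$demo/sudo.conf"

nss_sudoers_has_sss "$demo/nsswitch.conf" && echo "nsswitch: sudoers uses sss"
sssd_services_has_sudo "$demo/sssd.conf" && echo "sssd: sudo responder enabled"
sudo_conf_has_debug "$demo/sudo.conf" && echo "sudo.conf: Debug line present"
echo "sections without debug_level: $(sssd_sections_missing_debug "$demo/sssd.conf")"
```

On a real client, pass the actual nsswitch.conf, sssd.conf and sudo.conf paths to the functions instead of the sample files.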
