[Freeipa-users] Sudo denied on first attempt, allowed on second attempt

Pavel Březina pbrezina at redhat.com
Mon Feb 17 08:46:53 UTC 2014


On 02/16/2014 01:19 AM, Steve Dainard wrote:
> Just experienced the same issue on Fedora 20:
>
> [sdainard-admin at miovision.corp@fed20 ~]$ sudo systemctl stop firewalld
> [sudo] password for sdainard-admin at miovision.corp:
> sdainard-admin at miovision.corp is not allowed to run sudo on fed20.  This
> incident will be reported.
> [sdainard-admin at miovision.corp@fed20 ~]$ sudo systemctl stop firewalld
> [sudo] password for sdainard-admin at miovision.corp:
> [sdainard-admin at miovision.corp@fed20 ~]$
>
> Sat Feb 15 19:10:30 2014 is the 2nd attempt in the logs (attached).
>
> /var/log/messages:
> Feb 15 19:10:31 fed20 systemd: Stopping firewalld - dynamic firewall
> daemon...
> Feb 15 19:10:31 fed20 systemd: Stopped firewalld - dynamic firewall daemon.
>
>
>
> *Steve Dainard *
> IT Infrastructure Manager
> Miovision <http://miovision.com/> | /Rethink Traffic/
>
> *Blog <http://miovision.com/blog>  | **LinkedIn
> <https://www.linkedin.com/company/miovision-technologies>  | Twitter
> <https://twitter.com/miovision>  | Facebook
> <https://www.facebook.com/miovision>*
> ------------------------------------------------------------------------
> Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener,
> ON, Canada | N2C 1L3
> This e-mail may contain information that is privileged or confidential.
> If you are not the intended recipient, please delete the e-mail and any
> attachments and notify us immediately.
>
>
> On Fri, Feb 14, 2014 at 4:33 PM, Steve Dainard <sdainard at miovision.com
> <mailto:sdainard at miovision.com>> wrote:
>
>     On a Ubuntu 13.10 client after configuring sssd to provide sudo
>     service I left the client idle for a few hours. On returning, I
>     unlocked the screensaver and did the following:
>
>     sdainard-admin at miovision.corp@ubu1310:~$ sudo su
>     [sudo] password for sdainard-admin at miovision.corp:
>     sdainard-admin at miovision.corp is not allowed to run sudo on ubu1310.
>       This incident will be reported.
>     sdainard-admin at miovision.corp@ubu1310:~$ sudo su
>     [sudo] password for sdainard-admin at miovision.corp:
>     root at ubu1310:/home/miovision.corp/sdainard-admin#
>
>     I haven't experienced this on a Fedora 20 or EL client so I'm
>     guessing this is something specific to Ubuntu.
>
>     I've attached the client sssd log if anyone can point me in the
>     right direction.
>
>     Thanks,
>
>
>     *Steve Dainard *
>     IT Infrastructure Manager
>     Miovision <http://miovision.com/> | /Rethink Traffic/
>
>     *Blog <http://miovision.com/blog>  | **LinkedIn
>     <https://www.linkedin.com/company/miovision-technologies>  | Twitter
>     <https://twitter.com/miovision>  | Facebook
>     <https://www.facebook.com/miovision>*
>     ------------------------------------------------------------------------
>     Miovision Technologies Inc. | 148 Manitou Drive, Suite 101,
>     Kitchener, ON, Canada | N2C 1L3
>     This e-mail may contain information that is privileged or
>     confidential. If you are not the intended recipient, please delete
>     the e-mail and any attachments and notify us immediately.

Hi,
provided logs did not reveal anything bad. Can you also attach 
sssd_sudo.log, sssd_nss.log and sssd.conf please? Also what sssd and 
sudo version do you run?

Is this always reproducible or it happens only sporadically?

Thanks.




More information about the Freeipa-users mailing list