[Freeipa-users] Sudo denied on first attempt, allowed on second attempt
Steve Dainard
sdainard at miovision.com
Mon Feb 17 21:29:12 UTC 2014
I can't reproduce consistently on any OS including Fedora 20, but I was
able to trigger the issue on a Ubuntu 13.10 client.
sssd: 1.11.1
sudo: 1.8.6p3-0ubuntu3
I have only just enabled the sudo logging so it should only contain the
events below:
sdainard-admin at miovision.corp@ubu1310:~$ sudo su
[sudo] password for sdainard-admin at miovision.corp:
sdainard-admin at miovision.corp is not allowed to run sudo on ubu1310. This
incident will be reported.
sdainard-admin at miovision.corp@ubu1310:~$ sudo su
[sudo] password for sdainard-admin at miovision.corp:
root at ubu1310:/home/miovision.corp/sdainard-admin#
Files attached outside of list.
Thanks,
*Steve Dainard *
IT Infrastructure Manager
Miovision <http://miovision.com/> | *Rethink Traffic*
*Blog <http://miovision.com/blog> | **LinkedIn
<https://www.linkedin.com/company/miovision-technologies> | Twitter
<https://twitter.com/miovision> | Facebook
<https://www.facebook.com/miovision>*
------------------------------
Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON,
Canada | N2C 1L3
This e-mail may contain information that is privileged or confidential. If
you are not the intended recipient, please delete the e-mail and any
attachments and notify us immediately.
On Mon, Feb 17, 2014 at 3:46 AM, Pavel Březina <pbrezina at redhat.com> wrote:
> On 02/16/2014 01:19 AM, Steve Dainard wrote:
>
>> Just experienced the same issue on Fedora 20:
>>
>> [sdainard-admin at miovision.corp@fed20 ~]$ sudo systemctl stop firewalld
>> [sudo] password for sdainard-admin at miovision.corp:
>> sdainard-admin at miovision.corp is not allowed to run sudo on fed20. This
>> incident will be reported.
>> [sdainard-admin at miovision.corp@fed20 ~]$ sudo systemctl stop firewalld
>> [sudo] password for sdainard-admin at miovision.corp:
>> [sdainard-admin at miovision.corp@fed20 ~]$
>>
>> Sat Feb 15 19:10:30 2014 is the 2nd attempt in the logs (attached).
>>
>> /var/log/messages:
>> Feb 15 19:10:31 fed20 systemd: Stopping firewalld - dynamic firewall
>> daemon...
>> Feb 15 19:10:31 fed20 systemd: Stopped firewalld - dynamic firewall
>> daemon.
>>
>>
>> On Fri, Feb 14, 2014 at 4:33 PM, Steve Dainard <sdainard at miovision.com> wrote:
>>
>> On a Ubuntu 13.10 client after configuring sssd to provide sudo
>> service I left the client idle for a few hours. On returning, I
>> unlocked the screensaver and did the following:
>>
>> sdainard-admin at miovision.corp@ubu1310:~$ sudo su
>> [sudo] password for sdainard-admin at miovision.corp:
>> sdainard-admin at miovision.corp is not allowed to run sudo on ubu1310.
>> This incident will be reported.
>> sdainard-admin at miovision.corp@ubu1310:~$ sudo su
>> [sudo] password for sdainard-admin at miovision.corp:
>> root at ubu1310:/home/miovision.corp/sdainard-admin#
>>
>> I haven't experienced this on a Fedora 20 or EL client so I'm
>> guessing this is something specific to Ubuntu.
>>
>> I've attached the client sssd log if anyone can point me in the
>> right direction.
>>
>> Thanks,
>>
>
> Hi,
> The provided logs did not reveal anything bad. Can you also attach
> sssd_sudo.log, sssd_nss.log and sssd.conf please? Also, which sssd and sudo
> versions do you run?
>
> Is this always reproducible, or does it happen only sporadically?
>
> Thanks.
>