[Freeipa-users] Sudo denied on first attempt, allowed on second attempt
Jakub Hrozek
jhrozek at redhat.com
Mon Feb 24 15:55:59 UTC 2014
On Mon, Feb 24, 2014 at 10:46:19AM -0500, Pavel Brezina wrote:
> Hi,
> I wasn't able to reproduce with membership setup exactly like this. I
> have already seen similar problem once, unfortunately the user stopped
> responding before we could reach the root cause. I think it is correct
> from the sudo point of view, what is problematic here is missing group
> membership.
>
> It seems that membership of trusted user is not resolved correctly.
> Sumit, Jakub, do you have any ideas?
Did you verify if "id" prints the expected groups for the user in question
after he logs in? I think we need to first verify if the memberships are
stored correctly to the cache..
More information about the Freeipa-users
mailing list