[Freeipa-users] FreeIPA, version: 4.1.0 and sudo configuration

Chamambo Martin chamambom at afri-com.net
Wed Apr 8 08:17:59 UTC 2015


I have this log after doing a debug_level=6 in the sudo section and have
attached a txt file for the ldbsearch -H /var/lib/sss/db/cache_ai.co.zw.ldb 

[root at ironhide ~]# tail -f /var/log/sssd/sssd_sudo.log
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sysdb_domain_init_internal]
(0x0200): DB File for ai.co.zw: /var/lib/sss/db/cache_ai.co.zw.ldb
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [ldb] (0x0400): asq: Unable to
register control with rootdse!
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sss_process_init] (0x0400):
Responder Initialization complete
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sudo_process_init] (0x0400): SUDO
Initialization complete
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x40c900:domains at ai.co.zw]
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sss_dp_get_domains_msg] (0x0400):
Sending get domains request for [ai.co.zw][forced][]
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x40c900:domains at ai.co.zw]
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [dp_id_callback] (0x0100): Got id
ack and version (1) from DP
(Wed Apr  8 10:10:03 2015) [sssd[sudo]] [id_callback] (0x0100): Got id ack
and version (1) from Monitor
(Wed Apr  8 10:10:04 2015) [sssd[sudo]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x40c900:domains at ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [accept_fd_handler] (0x0400): Client
connected!
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'admin' matched without domain, user is admin
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'admin' matched without domain, user is admin
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [admin] from [<ALL>]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [admin at ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [admin at ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [admin] from [ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=admin)(sudoUser=#1468200000)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*))(&(dataExpireTimestamp<=1428480892)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'admin' matched without domain, user is admin
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'admin' matched without domain, user is admin
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [admin] from [<ALL>]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [admin at ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [admin at ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [admin] from [ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=admin)(sudoUser=#1468200000)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*))(&(dataExpireTimestamp<=1428480892)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=admin)(sudoUser=#1468200000)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [admin at ai.co.zw]
(Wed Apr  8 10:15:02 2015) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!


-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek at redhat.com] 
Sent: Wednesday, April 08, 2015 10:07 AM
To: Chamambo Martin
Cc: freeipa-users at redhat.com; 'Lukas Slebodnik'
Subject: Re: [Freeipa-users] FreeIPA, version: 4.1.0 and sudo configuration

On Wed, Apr 08, 2015 at 10:00:50AM +0200, Chamambo Martin wrote:
> I have these logs and can't seem to make sense of them

These are not the logs we asked for. What we need is debug_level=6 in the
sudo section, then run sudo, then attach /var/log/sssd/sssd_sudo.log.

It would also be nice if you could install ldb-tools and run:
    ldbsearch -H /var/lib/sss/db/cache_ai.co.zw.ldb
To see if the sudo rules were cached at all by the sudo full refresh (see
man sssd-sudo for description of the different refreshes sssd does).
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sudosearchlogfile.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150408/9a2e5b42/attachment.txt>
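
Added example, not part of the original messages and not SSSD code: a small Python reader for the sssd_sudo.log excerpt posted in this thread that rejoins the mail-wrapped lines and pairs each "Returning N rules" result with the sysdb filter searched just before it. The 76-column wrap width and the function names are assumptions; the sample is constructed from log lines quoted in this thread.

```python
import re

WRAP = 76  # assumption: column at which the mail client cut over-long tokens
START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) \[sssd\[")
FILTER = re.compile(r"Searching sysdb with \[(.*)\]$")
RESULT = re.compile(r"Returning (\d+) rules for \[(.*)\]$")

# Constructed sample: records taken from the log in this thread, wrapping kept.
SAMPLE = """\
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@ai.co.zw]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=admin)(sudoUser=#14682000
00)(sudoUser=%admins)(sudoUser=%trust
admins)(sudoUser=%admins)(sudoUser=+*)))]
(Wed Apr  8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [admin at ai.co.zw]
"""

def unwrap(text):
    """Rejoin mail-wrapped physical lines into one string per log record."""
    records, prev_len = [], 0
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line)
        else:
            # A full-width line was cut mid-token; a shorter one broke at a space.
            records[-1] += ("" if prev_len >= WRAP else " ") + line
        prev_len = len(line)
    return records

def cache_lookups(text):
    """Pair each 'Returning N rules' record with the last sysdb filter before it."""
    out, last_filter = [], None
    for rec in unwrap(text):
        m = FILTER.search(rec)
        if m:
            last_filter = m.group(1)
            continue
        m = RESULT.search(rec)
        if m:
            out.append({"target": m.group(2), "rules": int(m.group(1)),
                        "filter": last_filter})
            last_filter = None
    return out

if __name__ == "__main__":
    for hit in cache_lookups(SAMPLE):
        print(hit["rules"], hit["target"], hit["filter"])
```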

