[Freeipa-users] Stuck getting sudo working with Ubuntu client

Lukas Slebodnik lslebodn at redhat.com
Fri Apr 17 20:28:23 UTC 2015


On (17/04/15 11:32), Andrew Sacamano wrote:
>Hi everyone,
>
>
>I've spent a couple of days digging around the web, watching logs, and
>poking things, and I'm stuck getting sudo working with IPA on a new box
>I've just set up. I have had it working in the past on a test box, but
>something about this box is blocking me, and I can't for the life of me
>figure out what.
>
>
>The basic symptom is that I can log into the Ubuntu box as an IPA user, but
>sudo is always denied:
>
>
>[root@security-core-1 log]# ssh dru@jenkins
>
>dru@jenkins's password:
>
>...
>
>Could not chdir to home directory /home/dru: No such file or directory
>
>dru@jenkins:/$ sudo -l
>
>[sudo] password for dru:
>
>Sorry, user dru may not run sudo on jenkins.
>
>
>I've appended version output, config files, sample logs, and ipa config -
>which I think is all of the relevant material, but I'll gladly share more
>if it's needed.
>
>
>Thanks so much in advance for any debugging advice, hints, or help!
>
>

I looked at the configuration files and they look good.

I have a few hints which might help you with troubleshooting:
* please ensure you have installed package sudo and not sudo-ldap.
  The second one is not built with sssd support.
* please read about sudo caching in sssd
  man sssd-sudo -> THE SUDO RULE CACHING MECHANISM
* please test simple sudo rules first.
  (all hosts, one user instead of groups, ...)
* check whether sudo rules are cached by sssd (use ldb-tools)

If the previous hints do not help, then you need to enable
debugging in sudo and analyse the log file.
@see slide 18 in presentation[1]

LS

[1] http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
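
The package check and the cached-rule check from the hints above, as an added example that is not part of the original message. The function names, the cache path `/var/lib/sss/db/cache_<domain>.ldb`, the `cn=sudorules,cn=custom,cn=<domain>,cn=sysdb` base and the `sudoRule` filter are assumptions about a default sssd layout; the sample output under `--demo` is constructed.

```shell
#!/bin/sh
# Added example: hints 1 and 4 as functions that parse command output.

# Hint 1: "sudo" must be installed, not "sudo-ldap".
# $1 = output of: dpkg-query -W -f='${Package} ${Status}\n' sudo sudo-ldap
sudo_pkg_verdict() {
    printf '%s\n' "$1" | awk '
        $1 == "sudo-ldap" && $4 == "installed" { ldap = 1 }
        $1 == "sudo"      && $4 == "installed" { plain = 1 }
        END {
            if (ldap)       print "wrong-package"
            else if (plain) print "ok"
            else            print "missing"
        }'
}

# Hint 4: count sudo rules present in the sssd cache.
# $1 = LDIF printed by ldbsearch; every cached rule contributes one "dn:" line.
count_cached_rules() {
    printf '%s\n' "$1" | grep -c '^dn: ' || true
}

case "${1:-}" in
--demo)
    # Constructed sample output, not taken from the thread.
    sudo_pkg_verdict 'sudo-ldap install ok installed'
    count_cached_rules '# record 1
dn: name=allow_all,cn=sudorules,cn=custom,cn=example.test,cn=sysdb
cn: allow_all

# returned 1 records'
    ;;
--live)
    domain=${2:?usage: $0 --live SSSD_DOMAIN}
    # Assumed default locations: cache file and sudo rule container in sysdb.
    pkgs=$(dpkg-query -W -f='${Package} ${Status}\n' sudo sudo-ldap 2>/dev/null || true)
    rules=$(ldbsearch -H "/var/lib/sss/db/cache_${domain}.ldb" \
        -b "cn=sudorules,cn=custom,cn=${domain},cn=sysdb" \
        '(objectClass=sudoRule)' cn || true)
    echo "sudo package: $(sudo_pkg_verdict "$pkgs")"
    echo "cached sudo rules: $(count_cached_rules "$rules")"
    ;;
esac
```

Run `--live` as root on the client, since the sssd cache file is not readable by ordinary users.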



