[Freeipa-users] Is there any delay after applied rules to user?
Martin Kosek
mkosek at redhat.com
Wed Jul 29 14:32:42 UTC 2015
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after applied
> some rules to specified user?
>
> [root at ipa ~]# ipa sudorule-show
> Rule name: wheel
> Rule name: Wheel
> Enabled: TRUE
> Host category: all
> Command category: all
> RunAs User category: all
> RunAs Group category: all
> Sudo order: 1
> Users: dewangga
> User Groups: wheel
> Sudo Option: !authenticate
>
>
> On ipa-client, user `dewangga` asking for password when execute command
> `sudo -l`
>
> [dewangga at sherief-repository ~]$ sudo -l
> [sudo] password for dewangga:
>
> Here is `ipa user-show dewangga` result :
>
> $ ipa user-show dewangga
> User login: dewangga
> First name: Dewangga
> Last name: Alam
> Home directory: /home/dewangga
> Login shell: /bin/bash
> Email address: [removed]
> UID: 642000001
> GID: 642000001
> Account disabled: False
> Password: False
> Member of groups: wheel
> Member of Sudo rule: Wheel
> Kerberos keys available: False
> SSH public key fingerprint: [removed] mahaesa-key (ssh-rsa)
>
> Any helps are appreciated.
> Thanks
I suspect that SSSD cache is in play. You can try to remove it ("man sss_cache"
or remove it manually "stop sssd, remove /var/lib/sss/db/* and start sssd again").
More information about the Freeipa-users
mailing list