[Freeipa-users] Is there any delay after applied rules to user?

Jakub Hrozek jhrozek at redhat.com
Wed Jul 29 14:39:50 UTC 2015


On Wed, Jul 29, 2015 at 04:32:42PM +0200, Martin Kosek wrote:
> On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
> > Hello!
> > 
> > I'm using FreeIPA 4.1.x on CentOS 7. Is there any delay after applying
> > some rules to a specified user?
> > 
> > [root at ipa ~]# ipa sudorule-show
> > Rule name: wheel
> >   Rule name: Wheel
> >   Enabled: TRUE
> >   Host category: all
> >   Command category: all
> >   RunAs User category: all
> >   RunAs Group category: all
> >   Sudo order: 1
> >   Users: dewangga
> >   User Groups: wheel
> >   Sudo Option: !authenticate
> > 
> > 
> > On the ipa-client, user `dewangga` is asked for a password when executing
> > the command `sudo -l`:
> > 
> > [dewangga at sherief-repository ~]$ sudo -l
> > [sudo] password for dewangga:
> > 
> > Here is the `ipa user-show dewangga` result:
> > 
> > $ ipa user-show dewangga
> >   User login: dewangga
> >   First name: Dewangga
> >   Last name: Alam
> >   Home directory: /home/dewangga
> >   Login shell: /bin/bash
> >   Email address: [removed]
> >   UID: 642000001
> >   GID: 642000001
> >   Account disabled: False
> >   Password: False
> >   Member of groups: wheel
> >   Member of Sudo rule: Wheel
> >   Kerberos keys available: False
> >   SSH public key fingerprint: [removed] mahaesa-key (ssh-rsa)
> > 
> > Any help is appreciated.
> > Thanks
> 
> I suspect that SSSD cache is in play. You can try to remove it ("man sss_cache"
> or remove it manually "stop sssd, remove /var/lib/sss/db/* and start sssd again").

I think restarting SSSD should help here. You can read the type of sudo
refreshes sssd does in man sssd-sudo.

If it doesn't, we need sssd logs.



