[Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
Martin Kosek
mkosek at redhat.com
Thu Jun 4 15:15:04 UTC 2015
On 06/04/2015 05:13 PM, Sina Owolabi wrote:
> Hi Martin
>
> I have deleted everything in /var/lib/sss/db/ and restarted sssd,
> no luck.
In that case, I am afraid you might need to enable sudo and SSSD debug
(https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans.
Also CCing sudo/sssd SMEs to be aware.
>
> On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mkosek at redhat.com> wrote:
>> On 06/04/2015 05:06 PM, Cory Carlton wrote:
>>> I would check for DNS resolution from the machine executing the sudo, to
>>> the IPA server.
>>
>> I would also suggest cleaning SSSD caches, since you reinstalled against the
>> same domain, but actually different server (/var/lib/sss/db/)
>>
>>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.sina at gmail.com> wrote:
>>>
>>>> Hi
>>>>
>>>> I recently had to remove and reinstall a fresh IPA server. I am
>>>> currently re-enrolling all the ipa clients to the recently refreshed
>>>> domain (same name as the previous realm and domain). The new IPA
>>>> master is RHEL7.1 with IPA 4.1.3.
>>>>
>>>> All client servers are running RHEL6.6.
>>>>
>>>> I also have sudorule that allows a group to have access to run all
>>>> commands on all servers:
>>>>
>>>> Rule name: All
>>>> Enabled: TRUE
>>>> Host category: all
>>>> Command category: all
>>>> User Groups: superusers
>>>> Sudo Option: !authenticate
>>>> ----------------------------
>>>>
>>>> I noticed that trying to run sudo on a few of the servers makes the
>>>> command hang indefinitely.
>>>> I am not sure what is the cause and where to look. Please what can I
>>>> do to troubleshoot and fix this?
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>
>>>
>>>
>>
More information about the Freeipa-users
mailing list