[Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain

Sina Owolabi notify.sina at gmail.com
Fri Jun 5 13:14:04 UTC 2015 

Odd, sssd sudo up and started working properly after I added debug to
the clients I was interested in.
I didnt see any errors in the logs at all.

Very strange. Thanks everyone.

On Thu, Jun 4, 2015 at 7:36 PM, Pavel Brezina <pbrezina at redhat.com> wrote:
> Hi,
> please put the following line to /etc/sudo.conf to obtain sudo logs and send us the file:
> Debug sudo /var/log/sudo_debug all at trace
>
> ----- Original Message -----
>> From: "Martin Kosek" <mkosek at redhat.com>
>> To: "Sina Owolabi" <notify.sina at gmail.com>
>> Cc: "Cory Carlton" <cory at pithoslabs.com>, freeipa-users at redhat.com, "Pavel Brezina" <pbrezina at redhat.com>, "Jakub
>> Hrozek" <jhrozek at redhat.com>
>> Sent: Thursday, June 4, 2015 5:15:04 PM
>> Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
>>
>> On 06/04/2015 05:13 PM, Sina Owolabi wrote:
>> > Hi Martin
>> >
>> > I have deleted everything in /var/lib/sss/db/ and restarted sssd,
>> > no luck.
>>
>> In that case, I am afraid you might need to enable sudo and SSSD debug
>> (https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans.
>> Also CCing sudo/sssd SMEs to be aware.
>>
>> >
>> > On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mkosek at redhat.com> wrote:
>> >> On 06/04/2015 05:06 PM, Cory Carlton wrote:
>> >>> I would check for DNS resolution from the machine executing the sudo, to
>> >>> the IPA server.
>> >>
>> >> I would also suggest cleaning SSSD caches, since you reinstalled against
>> >> the
>> >> same domain, but actually different server (/var/lib/sss/db/)
>> >>
>> >>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.sina at gmail.com>
>> >>> wrote:
>> >>>
>> >>>> Hi
>> >>>>
>> >>>> I recently had to remove and reinstall a fresh IPA server. I am
>> >>>> currently re-enrolling all the ipa clients to the recently refreshed
>> >>>> domain (same name as the previous realm and domain). The new IPA
>> >>>> master is RHEL7.1 with IPA 4.1.3.
>> >>>>
>> >>>> All client servers are running RHEL6.6.
>> >>>>
>> >>>> I also have sudorule that allows a group to have access to run all
>> >>>> commands on all servers:
>> >>>>
>> >>>>   Rule name: All
>> >>>>   Enabled: TRUE
>> >>>>   Host category: all
>> >>>>   Command category: all
>> >>>>   User Groups: superusers
>> >>>>   Sudo Option: !authenticate
>> >>>> ----------------------------
>> >>>>
>> >>>> I noticed that trying to run sudo on a few of the servers makes the
>> >>>> command hang indefinitely.
>> >>>> I am not sure what is the cause and where to look. Please what can I
>> >>>> do to troubleshoot and fix this?
>> >>>>
>> >>>> --
>> >>>> Manage your subscription for the Freeipa-users mailing list:
>> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> >>>> Go to http://freeipa.org for more info on the project
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>>
>>

More information about the Freeipa-users mailing list