[Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
Pavel Březina
pbrezina at redhat.com
Mon Jun 8 08:24:48 UTC 2015
On 06/05/2015 03:14 PM, Sina Owolabi wrote:
> Odd, sssd sudo up and started working properly after I added debug to
> the clients I was interested in.
> I didnt see any errors in the logs at all.
This may indicate a race condition. Does it hang up again if you disable
debugging?
>
> Very strange. Thanks everyone.
>
> On Thu, Jun 4, 2015 at 7:36 PM, Pavel Brezina <pbrezina at redhat.com> wrote:
>> Hi,
>> please put the following line to /etc/sudo.conf to obtain sudo logs and send us the file:
>> Debug sudo /var/log/sudo_debug all at trace
>>
>> ----- Original Message -----
>>> From: "Martin Kosek" <mkosek at redhat.com>
>>> To: "Sina Owolabi" <notify.sina at gmail.com>
>>> Cc: "Cory Carlton" <cory at pithoslabs.com>, freeipa-users at redhat.com, "Pavel Brezina" <pbrezina at redhat.com>, "Jakub
>>> Hrozek" <jhrozek at redhat.com>
>>> Sent: Thursday, June 4, 2015 5:15:04 PM
>>> Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
>>>
>>> On 06/04/2015 05:13 PM, Sina Owolabi wrote:
>>>> Hi Martin
>>>>
>>>> I have deleted everything in /var/lib/sss/db/ and restarted sssd,
>>>> no luck.
>>>
>>> In that case, I am afraid you might need to enable sudo and SSSD debug
>>> (https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans.
>>> Also CCing sudo/sssd SMEs to be aware.
>>>
>>>>
>>>> On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mkosek at redhat.com> wrote:
>>>>> On 06/04/2015 05:06 PM, Cory Carlton wrote:
>>>>>> I would check for DNS resolution from the machine executing the sudo, to
>>>>>> the IPA server.
>>>>>
>>>>> I would also suggest cleaning SSSD caches, since you reinstalled against
>>>>> the
>>>>> same domain, but actually different server (/var/lib/sss/db/)
>>>>>
>>>>>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.sina at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I recently had to remove and reinstall a fresh IPA server. I am
>>>>>>> currently re-enrolling all the ipa clients to the recently refreshed
>>>>>>> domain (same name as the previous realm and domain). The new IPA
>>>>>>> master is RHEL7.1 with IPA 4.1.3.
>>>>>>>
>>>>>>> All client servers are running RHEL6.6.
>>>>>>>
>>>>>>> I also have sudorule that allows a group to have access to run all
>>>>>>> commands on all servers:
>>>>>>>
>>>>>>> Rule name: All
>>>>>>> Enabled: TRUE
>>>>>>> Host category: all
>>>>>>> Command category: all
>>>>>>> User Groups: superusers
>>>>>>> Sudo Option: !authenticate
>>>>>>> ----------------------------
>>>>>>>
>>>>>>> I noticed that trying to run sudo on a few of the servers makes the
>>>>>>> command hang indefinitely.
>>>>>>> I am not sure what is the cause and where to look. Please what can I
>>>>>>> do to troubleshoot and fix this?
>>>>>>>
>>>>>>> --
>>>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>> Go to http://freeipa.org for more info on the project
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>>>
More information about the Freeipa-users
mailing list