[Freeipa-users] rhel 6.7 upgrade - sssd/sudo
Andy Thompson
Andy.Thompson at e-tcc.com
Fri Sep 18 13:56:33 UTC 2015
> -----Original Message-----
> From: Jakub Hrozek [mailto:jhrozek at redhat.com]
> Sent: Friday, September 18, 2015 4:42 AM
> To: Andy Thompson <Andy.Thompson at e-tcc.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo
>
> On Thu, Sep 17, 2015 at 11:42:54AM +0000, Andy Thompson wrote:
> > I've narrowed it down a bit doing some testing. The sudo rules work when
> I remove the user group restriction from them. My sudo rules all have my ad
> groups in the rule
> >
> > Rule name: ad_linux_admins
> > Enabled: TRUE
> > Host category: all
> > Command category: all
> > RunAs User category: all
> > RunAs Group category: all
> > User Groups: ad_linux_admins <- if I remove this then the rule gets
> applied
>
> Nice catch. Is the group visible after you login and run id?
Ya the groups show up for the users using id
[athompson at mhbenp.local@mdhixuatsmtp01 ~]$ id
uid=1506401106(athompson at mhbenp.local) gid=1506401106(athompson at mhbenp.local) groups=1506401106(athompson at mhbenp.local),1249000010(ad_linux_admins),1506400512(domain admins at mhbenp.local),1506400513(domain users at mhbenp.local),1506401124(admin vpn users at mhbenp.local),1506401239(linux admins at mhbenp.local)
>
> What is the exact IPA server version?
Installed Packages
ipa-server.x86_64 4.1.0-18.el7_1.4
thanks
-andy
More information about the Freeipa-users
mailing list