[Freeipa-users] can't get sudo to work.
Rob Crittenden
rcritten at redhat.com
Tue Aug 23 14:13:01 UTC 2016
Pavel Březina wrote:
> On 08/23/2016 01:55 PM, Tony Brian Albers wrote:
>> Here you are:
>>
>>
>> [root ~]# ldapsearch -Y GSSAPI -b $dc
>> '(ou=*)' -s onelevel
>
>> # profile, $domain
>> dn: ou=profile,$dc
>> objectClass: top
>> objectClass: organizationalUnit
>> ou: profiles
>> ou: profile
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>
>
> Sudo rules are not downloaded by SSSD because ou=sudoers is missing on
> the IPA server, or it may have incorrect ACL. Does someone from IPA team
> know why?
Perhaps the compat tree is disabled:
$ ipa-compat-manage status
rob
More information about the Freeipa-users
mailing list