[Freeipa-users] sudo rules question on ubuntu 16.0.1
Cory Francis Myers
cory at trinitymobilenetworks.com
Thu Aug 25 22:34:43 UTC 2016
We are seeing the same problem (correct group membership; matching HBAC
rules retrieved by sssd and rejected by sudo) on a new Ubuntu 16.04
client joining a realm of existing (and working) Ubuntu 15.10 hosts,
despite identical "/etc/sssd/sssd.conf" files.
Master:
root at hades:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"
root at hades:~# ipa --version
VERSION: 4.1.4, API_VERSION: 2.114
Existing (working) client:
root at orange1:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"
root at orange1:~# ipa-client-install --version
4.1.4
root at orange1:~# sssd --version
1.12.5
New (broken) client:
root at orange4:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
root at orange4:~# ipa-client-install --version
4.3.1
root at orange4:~# sssd --version
1.13.4
I too would be grateful for any advice. The relevant parts of our logs
corroborate what John has reported in this thread, but I can provide
excerpts if that would be helpful.
--- Cory.
--
Cory Myers
Systems Engineer
Trinity Mobile Networks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/9c2f9ad3/attachment.sig>
More information about the Freeipa-users
mailing list