[Freeipa-users] ipa-client-automount --uninstall breaks central sudo on ipa-server

Rob Crittenden rcritten at redhat.com
Fri Aug 26 15:35:32 UTC 2016


Mariusz Stolarczyk wrote:
> Need help restoring central sudo rights on ipa server.
>
>
> How I broke it!!!: I decided to take advantage of the centralized
> automount feature with a custom location for a couple mounts. When I ran
> the ipa-client-automount --location=server_mounts it appeared to install
> correctly but that didn't appear not to work so my plan was to manually
> setup the automount since it is only one machine. So of course I ran the
> ipa-client-automount --uninstall on the ipa server and that's when I lost
> the sudo rights on the ipa server: superuser not in the sudoers file,
> this incident will be reported.
>
>
> I have repeated these steps with the same results:
>
> Initially sudo works for superuser
>
> And after ipa-client-automount --location=server_mounts (on the ipa-server)
>
> sudo still works
>
> but after, ipa-client-automount --uninstall
>
> no sudo for superuser on the ipa server but the superuser still has sudo
> privileges on the clients????
>
>
> background/versions:
>
> My setup is all CentOS 7.2 machines with one ipa server and the rest are
> clients all using ipa version 4.2.0.
>
> I had no issues using the ipa-client-automount on all my clients to
> configure network homes and shares as well as setting up a superuser
> with central sudo powers before this happened.
>
>
> 1.) Don't be too harsh if it is a BIG NO-NO to run the
> ipa-client-automount command on the ipa-server
>
> 2.) Not sure what logs or config files I need to post.

I'd confirm that sssd is still configured to do sudo by looking for sss
in the sudoers line in /etc/nsswitch.conf and ensure that sudo is an
enabled service in /etc/sssd/sssd.conf, probably something like:

services = nss, sudo, pam, ssh

rob
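
The two checks suggested in the reply above, as an added shell example that is not part of the original thread. The function names are hypothetical, and the default paths are assumed to be the standard /etc/nsswitch.conf and /etc/sssd/sssd.conf.

```shell
#!/bin/sh
# Added example: verify the two settings named in the reply.
# Function names are hypothetical; paths are the usual defaults.

# Succeeds if the "sudoers:" line of an nsswitch.conf lists "sss".
nsswitch_sudo_uses_sss() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "sudoers:" {
            for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if "services" in the [sssd] section of sssd.conf includes "sudo".
sssd_sudo_service_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/   { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Report which of the two settings is missing; returns non-zero if any is.
check_sudo_via_sssd() {
    nss=${1:-/etc/nsswitch.conf}
    conf=${2:-/etc/sssd/sssd.conf}
    rc=0
    nsswitch_sudo_uses_sss "$nss" ||
        { echo "MISSING: sss on the sudoers line of $nss"; rc=1; }
    sssd_sudo_service_enabled "$conf" ||
        { echo "MISSING: sudo in [sssd] services of $conf"; rc=1; }
    return "$rc"
}

# Check the live files only when invoked with --run (sssd.conf needs root).
if [ "${1:-}" = "--run" ]; then check_sudo_via_sssd; fi
```

A services line found only in a [domain/...] section does not count, since the responder list belongs to the [sssd] section.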



