[Freeipa-users] Sudo rule implementation

Ben .T.George bentech4you at gmail.com
Wed Dec 21 07:24:51 UTC 2016


Hi,

Thanks for your information. I have validated the logs.

I destroyed the current Kerberos ticket and re-initiated it, and then the issue
was solved.

Regards,
Ben

On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > Please help me to implement sudo rules.
> >
> > I did the steps below and it is still not working for me.
> >
> > 1. Created "Sudo Command Groups"
> > 2. Added some command (/bin/yum) and included it in the sudo group
> > 3. Created a "sudo Rule" on that
> >     * Added sudo Option as "!authenticate"
> >     * Added User Group.
> >     * Added one Host
> >     * And under Run command, selected the Sudo Rule Group.
> > 4. Entry in nsswitch.conf: sudoers: files sss
> > 5. Entry in sssd.conf: services = nss, sudo, pam, ssh
> >
> > I also tried removing "!authenticate" and changing to Anyone, Any Host and
> > Any Command, and also under As Whom to Anyone and Any Group.
> > - I tried logging out and logging in again on the client with an IPA user
> > which is a member of the user group.
> >
> > When I run yum, I get an error that the user is not allowed to execute the
> > command.
> >
> >
> > Can anyone please help to correct my steps?
> >
> > Regards
> > Ben
>
> Please follow:
>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
> especially the sudo logs are often helpful to see what rules sssd is
> returning to sudo.
>
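
A client-side check for the two settings listed in steps 4 and 5 of the quoted question, added here as an example and not part of the original thread. The function names and the choice to pass file paths as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify steps 4 and 5 on a client.
# Function names are hypothetical; paths are arguments so copies can be checked.

# True if the "sudoers:" database in an nsswitch.conf-style file lists "sss".
sudoers_uses_sss() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "sudoers:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # trailing comment
                if ($i == "sss") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# True if "services" in the [sssd] section of an sssd.conf-style file has "sudo".
sssd_has_sudo_service() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Report both settings; non-zero return if either is missing.
check_sudo_client() {
    rc=0
    if sudoers_uses_sss "$1"; then echo "ok: sudoers uses sss ($1)"
    else echo "missing: 'sss' on the sudoers line of $1"; rc=1; fi
    if sssd_has_sudo_service "$2"; then echo "ok: sssd runs the sudo service ($2)"
    else echo "missing: 'sudo' in [sssd] services of $2"; rc=1; fi
    return $rc
}

# Usage: sh check.sh /etc/nsswitch.conf /etc/sssd/sssd.conf
if [ $# -eq 2 ]; then check_sudo_client "$1" "$2"; fi
```

Both checks passing only confirms the client configuration; in this thread the rule started working after the Kerberos ticket was destroyed and re-initiated.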