[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

Lukas Slebodnik lslebodn at redhat.com
Thu Jul 14 10:49:44 UTC 2016


On (14/07/16 12:43), Tomas Simecek wrote:
>Thanks Lukas,
>to be honest I am not sure what you mean by "Please test with id
>simecek.tomas at sd-stc.cz."
>It is the user I am testing with all the time.
>
>Here is what I see on client where sudo does not work:
>[simecek.tomas at sd-stc.cz@zp-cml-test ~]$ id
>uid=988604700(simecek.tomas at sd-stc.cz) gid=988604700(simecek.tomas at sd-stc.cz)
>groups=988604700(simecek.tomas at sd-stc.cz),431200004(grpunixadmins),988600513(domain
>users at sd-stc.cz),988604182(account at sd-stc.cz),988604754(mfcr_mfg at sd-stc.cz
>),988604825(unixadmins at sd-stc.cz),988604833(wifiadmins at sd-stc.cz)
>
Hmm, the user is a member of grpunixadmins. Then I wonder why sssd could not find
sudo rules for the user.

I would like to see full log file + dump of sssd cache.
Please:
* clean cache and log files on client
  rm -f /var/lib/sss/db/* /var/log/sssd/*
* enable debug_level=9 in domain section and sudo
* restart sssd
* authenticate with user simecek.tomas at sd-stc.cz
* try sudo.
* send all sssd log files
* provide dump of sssd cache
  ldbsearch -H /var/lib/sss/db/cache_$domain.ldb
  (utility ldbsearch is part of package ldb-tools)

LS
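
One way to check the cache dump requested above for sudo rules that apply to the user, as an added example that is not part of the original message. The function names and the sample records are hypothetical, and it assumes that any cached record carrying a sudoUser attribute is a sudo rule whose values follow the sudoers LDAP schema ("name", "%group" or "ALL").

```bash
#!/usr/bin/env bash
# Added example (not from the thread): read an ldbsearch dump of the sssd cache
# on stdin and report which cached sudo rules apply to a user.
# Assumptions: any record with a sudoUser attribute is a sudo rule; sudoUser
# holds "name", "%group" or "ALL" (sudoers LDAP schema), compared exactly.

# Join LDIF continuation lines (a leading space continues the previous line).
unfold_ldif() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR > 0) print buf }'
}

# usage: ldbsearch -H <cache file> | sudo_rules_for USER "GROUP1 GROUP2"
# Prints "MATCH <rule>" or "SKIP <rule>" per rule; returns 1 if none match.
sudo_rules_for() {
  unfold_ldif | awk -v user="$1" -v groups="$2" '
    function emit(   tag, name) {
      if (is_rule) {
        tag = hit ? "MATCH" : "SKIP"; name = (cn != "") ? cn : dn
        print tag " " name
        if (hit) matched++
      }
      dn = ""; cn = ""; is_rule = 0; hit = 0
    }
    BEGIN {
      want[user] = 1; want["ALL"] = 1
      n = split(groups, g, " ")
      for (i = 1; i <= n; i++) want["%" g[i]] = 1
    }
    /^$/ { emit(); next }                 # blank line ends a record
    /^#/ { next }                         # "# record N" comment lines
    {
      sep = index($0, ": "); if (sep == 0) next
      attr = tolower(substr($0, 1, sep - 1)); val = substr($0, sep + 2)
      if (attr == "dn") dn = val
      else if (attr == "cn") cn = val
      else if (attr == "sudouser") { is_rule = 1; if (val in want) hit = 1 }
    }
    END { emit(); exit (matched > 0 ? 0 : 1) }'
}

# Constructed sample dump (invented names, not data from the thread).
sample_dump() {
  printf '%s\n' '# record 1' 'dn: name=admins_all,cn=sudorules,cn=custom' \
    'cn: admins_all' 'sudoUser: %grpunixadmins' 'sudoCommand: ALL' '' \
    '# record 2' 'dn: name=dba,cn=sudorules,cn=custom' 'cn: dba' \
    'sudoUser: %db' ' as' 'sudoUser: bob' '' '# returned 2 records'
}
```

If every rule prints SKIP, or nothing is printed at all, the cache holds no rule for the user, which narrows the problem to rule download rather than rule evaluation.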



