[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?
Tomas Simecek
simecek.tomas at gmail.com
Thu Jul 14 11:06:05 UTC 2016
Hi Lukas,
I did as you said.
Logs are attached to this mail.
Thanks for helping.
T.
2016-07-14 12:49 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
> On (14/07/16 12:43), Tomas Simecek wrote:
> >Thanks Lukas,
> >to be honest I am not sure what do you mean by "Please test with id
> >simecek.tomas at sd-stc.cz."
> >It is the user I am testing with all the time.
> >
> >Here is what I see on client where sudo does not work:
> >[simecek.tomas at sd-stc.cz@zp-cml-test ~]$ id
> >uid=988604700(simecek.tomas at sd-stc.cz) gid=988604700(
> simecek.tomas at sd-stc.cz)
> >groups=988604700(simecek.tomas at sd-stc.cz
> ),431200004(grpunixadmins),988600513(domain
> >users at sd-stc.cz),988604182(account at sd-stc.cz),988604754(
> mfcr_mfg at sd-stc.cz
> >),988604825(unixadmins at sd-stc.cz),988604833(wifiadmins at sd-stc.cz)
> >
> hmm, the user is member of grpunixadmins. Then I wonder why sssd could not
> find
> a sudo rules for the user.
>
> I would like to see full log file + dump of sssd cache.
> Please:
> * clean cache and log files on client
> rm -f /var/lib/sss/db/* /var/log/sssd/*
> * enable debug_level=9 in domain section and sudo
> * restart sssd
> * authernticate with usersimecek.tomas at sd-stc.cz
> * try sudo.
> * send all sssd log files
> * provide dump of sssd cache
> ldbsearch -H /var/lib/sss/db/cache_$domain.ldb
> (utility ldbsearch is part of package ldb-tools
>
> LS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160714/b7f19c19/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logs.zip
Type: application/zip
Size: 161829 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160714/b7f19c19/attachment.zip>
More information about the Freeipa-users
mailing list