[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

Tomas Simecek simecek.tomas at gmail.com
Thu Jul 14 17:32:34 UTC 2016


Hi Lukas,
thanks, I see you're really trying to help.
Log files are attached.

2016-07-14 18:42 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:

> On (14/07/16 13:52), Tomas Simecek wrote:
> >Hi Lukas,
> >sorry to say, but nothing helps.
> >
> >I have just updated IPA server, so that now it is:
> >[root at svlxxipap ~]# cat /etc/redhat-release
> >CentOS Linux release 7.2.1511 (Core)
> >
> >with:
> >[root at svlxxipap ~]# rpm -qa|grep ipa
> >ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.17.x86_64
> >libipa_hbac-1.13.0-40.el7_2.9.x86_64
> >ipa-python-4.2.0-15.0.1.el7.centos.17.x86_64
> >ipa-server-dns-4.2.0-15.0.1.el7.centos.17.x86_64
> >python-iniparse-0.4-9.el7.noarch
> >ipa-server-4.2.0-15.0.1.el7.centos.17.x86_64
> >sssd-ipa-1.13.0-40.el7_2.9.x86_64
> >ipa-admintools-4.2.0-15.0.1.el7.centos.17.x86_64
> >python-libipa_hbac-1.13.0-40.el7_2.9.x86_64
> >ipa-client-4.2.0-15.0.1.el7.centos.17.x86_64
> >
> It has to work with IPA on CentOS 7.2
> and sssd-1.13.3-22.el6_8.4 on client.
>
> >I have also changed sudoers to sudo in sssd.conf as you suggested and
> >restarted sssd.
> >No difference, still:
> >[simecek.tomas at sd-stc.cz@zp-cml-test ~]$ sudo service sshd restart
> >[sudo] password for simecek.tomas at sd-stc.cz:
> >simecek.tomas at sd-stc.cz is not in the sudoers file.  This incident will be
> >reported.
> >
> >I guess I will pilot some more IPA clients to make sure it works reliably
> >and if yes, I guess we will be able to live with the fact that older
> >Linuxes do not offer sudo to AD clients.
> >
> I assume you meant AD users from trust.
>
> But previously, you provided data and the user was a member of a group which
> should be allowed to use sudo rules.
>
> I would like to find out why sudo rules were not fetched from IPA.
>
> I would like to see full log file + dump of sssd cache.
> Please:
> * clean cache and log files on *IPA server*
>   rm -f /var/lib/sss/db/* /var/log/sssd/*
> * enable debug_level=9 in domain section and sudo
> * restart sssd on *IPA server*
>
> * clean cache and log files on *IPA client*
>   rm -f /var/lib/sss/db/* /var/log/sssd/*
> * enable debug_level=9 in domain section and sudo
> * restart sssd *IPA client*
>
>
> * authenticate with user simecek.tomas at sd-stc.cz
> * call id simecek.tomas at sd-stc.cz
> * try sudo.
>
> * send all sssd log files + sssd.conf
> * provide dump of sssd cache
>   ldbsearch -H /var/lib/sss/db/cache_$domain.ldb
>     (utility ldbsearch is part of package ldb-tools)
>
>
> Please provide log files, sssd.conf and dump of sssd cache
> from client and also from IPA server.
>
> Thank you very much for patience.
>
> LS
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.tgz
Type: application/x-gzip
Size: 72969 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160714/be7eb2c5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.tgz
Type: application/x-gzip
Size: 121645 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160714/be7eb2c5/attachment-0001.bin>

