[Freeipa-users] SSSD does not fetch Sudo Rules anymore

Alexander Bokovoy abokovoy at redhat.com
Mon Mar 7 10:31:18 UTC 2016


On Mon, 07 Mar 2016, Zoske, Fabian wrote:
>Hi,
>
>I looked in the sudo_debug log and found the following line:
>Mar  7 11:00:08 sudo[31293] <- new_logline @ ./logging.c:867 := user NOT authorized on host ; TTY=pts/1 ; PWD=/home/<DOMAIN>/f.zoske ; USER=root ; COMMAND=/bin/bash
>
>On our IPA-Server I have the following rules:
>
>HBAC:
>Name: allow_all_admins
>Who: Group: admins
>Accessing: Any Host
>Via Service: Any Service
>
>SUDO:
>Name: allow_all_all
>Who: Group: admins
>Access this host: Any Host
>Run Commands: Any Command
>As Whom: Anyone
>
>In our setup I have an AD-Trust established to a multi-domain forest, and in our sssd.conf I had to adjust the UPN via the following lines (suggested by Jakub):
>subdomain_inherit = ldap_user_principal
>ldap_user_principal = nosuchattr
>
>Is any of this related to the problem?
>Shall I send you the log files of sssd and sudo?
Off-list, please.

-- 
/ Alexander Bokovoy



