[Freeipa-users] sudo users

Jakub Hrozek jhrozek at redhat.com
Thu Mar 10 08:37:13 UTC 2016


On Thu, Mar 10, 2016 at 03:50:08PM +1300, Teik Hooi Beh wrote:
> Hi,
> 
> I am trying to deploy sudo rules in FreeIPA 4.2 on CentOS 7.2. I have
> created 2 sudo rules, one with sudo options=!authenticate (NOPASSWD) and
> the other sudo options=authenticate (PASSWD) (which I assume requires the
> user to key in the password to run).
> 
> The NOPASSWD works but the one with PASSWD kept denying even though the password
> seems authenticated (from /var/log/secure) -
> 
> Mar 10 02:38:31 node1 sudo: pam_sss(sudo:auth): authentication success;
> logname=ttester uid=5001 euid=0 tty=/dev/pts/1 ruser=ttester rhost=
> user=ttester
> Mar 10 02:38:31 node1 sudo: pam_sss(sudo:account): Access denied for user
> ttester: 6 (Permission denied)
> 
> I have followed instructions from here -
> http://blog.delouw.ch/2013/07/25/centrally-manage-sudoers-rules-with-ipa-part-i-preparation/

Looks like HBAC is denying access, please make sure the user is allowed
to access the sudo/sudo-i service.
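
The log pattern discussed in this thread (pam_sss auth success followed by an account-phase denial with PAM code 6), as an added example that is not part of the original messages: a small correlator over `/var/log/secure` lines that flags such pairs and builds the matching `ipa hbactest` check. The sample log is constructed from the two entries quoted above plus one invented entry; the function names are hypothetical.

```python
import re

# Constructed sample in /var/log/secure format, modelled on the entries quoted
# in the thread (unwrapped, one per line); the admin2 entry is invented.
SAMPLE_LOG = """\
Mar 10 02:38:31 node1 sudo: pam_sss(sudo:auth): authentication success; logname=ttester uid=5001 euid=0 tty=/dev/pts/1 ruser=ttester rhost= user=ttester
Mar 10 02:38:31 node1 sudo: pam_sss(sudo:account): Access denied for user ttester: 6 (Permission denied)
Mar 10 02:40:02 node1 sudo: pam_sss(sudo-i:auth): authentication success; logname=admin2 uid=5002 euid=0 tty=/dev/pts/2 ruser=admin2 rhost= user=admin2
"""

PREFIX = r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) \S+ pam_sss\((?P<svc>[^:]+):"
AUTH_OK = re.compile(PREFIX + r"auth\): authentication success;.*\buser=(?P<user>\S+)")
ACCT_DENY = re.compile(
    PREFIX + r"account\): Access denied for user (?P<user>[^:]+): (?P<code>\d+) ")

PAM_PERM_DENIED = "6"  # Linux-PAM return code shown in the denial line


def find_account_denials(log_text):
    """Return (host, user, service) where the password was accepted but the
    PAM account phase then denied access: the symptom an HBAC denial produces."""
    authed, findings = set(), []
    for line in log_text.splitlines():
        m = AUTH_OK.match(line)
        if m:
            authed.add((m["host"], m["user"], m["svc"]))
            continue
        m = ACCT_DENY.match(line)
        if m and m["code"] == PAM_PERM_DENIED:
            key = (m["host"], m["user"], m["svc"])
            if key in authed:
                findings.append(key)
                authed.discard(key)
    return findings


def hbactest_command(host, user, service):
    """Build the server-side HBAC evaluation for one finding. Syslog shows the
    short hostname; pass the name the host is enrolled under in IPA instead."""
    return f"ipa hbactest --user={user} --host={host} --service={service}"


if __name__ == "__main__":
    for host, user, svc in find_account_denials(SAMPLE_LOG):
        print(f"{user}@{host}: auth ok, account denied for '{svc}'")
        print("  check with:", hbactest_command(host, user, svc))
```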



