[Freeipa-users] sudo sometimes doesn't work
Orion Poplawski
orion at cora.nwra.com
Tue Mar 14 20:37:31 UTC 2017
On 01/30/2017 01:38 AM, Jakub Hrozek wrote:
> On Fri, Jan 27, 2017 at 02:15:16PM -0700, Orion Poplawski wrote:
>> EL7.3
>> Users are in active directory via AD trust with IPA server
>>
>> sudo is configured via files - users in our default "nwra" group can run
>> certain sudo commands, e.g.:
>>
>> Cmnd_Alias WAKEUP = /sbin/ether-wake *
>> %nwra,%visitor,%ivm ALL=NOPASSWD: WAKEUP
>>
>> However, sometimes when I run sudo /sbin/ether-wake I get prompted for my
>> password. Other times it works fine. I've attached some logs from failed
>> attempt.
>
> So the sudo command is successfull in the end, it 'just' prompts for a
> password?
No, it fails when given the password:
Sorry, user USER is not allowed to execute '/sbin/ether-wake XXX' as root on HOST.
Turns out I'm an idiot. Needed to run ipa-adtrust-install on all of the IPA
servers and make sure things were working on all of them. Things would break
depending on which ipa server the client sssd was connected to.
--
Orion Poplawski
Technical Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list