<div dir="ltr"><div>sorry for delay<br></div>file sssd.conf:<br>==============<br><pre class="">domain/<a href="http://example.com">example.com</a>]<br>debug_level = 6<br>cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = <a href="http://l.example.com">l.example.com</a>
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = <a href="http://client1.l.example.com">client1.l.example.com</a>
chpass_provider = ipa
ipa_server = <a href="http://ipaserver.l.example.com">ipaserver.l.example.com</a>
ldap_tls_cacert = /etc/ipa/ca.crt</pre><pre class="">[sssd]
config_file_version = 2
services = nss, pam,ssh,sudo

domains = <a href="http://l.example.com">l.example.com</a>
[nss]

[pam]<br><br></pre><pre class="">[ssh]<br></pre></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 25, 2014 at 4:49 PM, Jakub Hrozek <span dir="ltr"><<a href="mailto:jhrozek@redhat.com" target="_blank">jhrozek@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Mon, Aug 25, 2014 at 01:58:41PM +0200, Jakub Hrozek wrote:<br>
> For sudo logs, something like:<br>
>                Debug sudo /tmp/sudo_debug all@debug<br>
> Should produce pretty verbose logs<br>
<br>
</div>Sorry, I should have said the Debug directive belongs to /etc/sudo.conf<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br>
</div></div></blockquote></div><br></div>