Your message dated Tue,  3 Apr 2007 20:52:15 -0600 (MDT)
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: sudo-ldap
Version: 1.6.8p12-4

sudoCommand should be written as follows:

sudoCommand: ALL

Met vriendelijke groeten / With kind regards / Mit freundlichen Grüßen / Med 
vänliga hälsningar / nuosirdziausi linkejimai,


Huibert Kivits
OPS&ITB/WPS/UAS/MSO UNIX
Location code NA 00.92
T (020) 563 73 33, F (020) 563 70 02
E Huibert.Kivits at mail.ing.nl

"...all too often, when organizations develop information security programs, 
they treat security issues as a simple 'check-box' on the list of required 
corporate functions."
Richard Forno & Kenneth R van Wyk, "Incident Response", O'Reilly, 2001, ISBN: 
0-596-00130-4



-----Original message-----
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On behalf of Jeremy Hansen
Sent: Tuesday 21 March 2006 23:00
To: sudo-users at sudo.ws
Subject: [sudo-users] is not allowed to execute '/bin/su -' as root


I'm attempting to set up sudo control via ldap.  I seem to have most pieces 
worked out but yet I'm unable to get sudo to allow my user to actually run 
things.

Here's the info:

My defaults

dn: cn=defaults,ou=SUDOers,dc=blah,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: ignore_local_sudoers

User entry

dn: cn=jhansen,ou=SUDOers,dc=blah,dc=com
objectClass: top
objectClass: sudoRole
cn: jhansen
sudoUser: jhansen
sudoHost: ALL
sudoCommand: (ALL) ALL

Here is my output when I just try to do sudo su - as user jhansen

[jhansen at z000009 ~]$ sudo su -
LDAP Config Summary
===================
host         z000009.blah.com
port         389
ldap_version 3
sudoers_base ou=SUDOers,dc=blah,dc=com
binddn       (anonymous)
bindpw       (anonymous)
ssl          start_tls
===================
ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,"/etc/openldap/cacerts")
ldap_init(z000009.blah.com,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_start_tls_s() ok
ldap_bind() ok
found:cn=defaults,ou=SUDOers,dc=blah,dc=com
ldap sudoOption: 'ignore_local_sudoers'
ldap search 
'(|(sudoUser=jhansen)(sudoUser=%jhansen)(sudoUser=%jhansen)(sudoUser=ALL))'
found:cn=jhansen,ou=SUDOers,dc=blah,dc=com
ldap sudoHost 'ALL' ... MATCH!
ldap sudoCommand '(ALL) ALL' ... not
ldap search 'sudoUser=+*'
user_matches=-1
host_matches=-1
sudo_ldap_check(0)=0x04
Password:
Sorry, user jhansen is not allowed to execute '/bin/su -' as root on 
z000009.blah.com.

The session looks as if it finds my user, says there's a match, but it seems to 
get something wrong on the sudoCommand entry...

Not really sure what's going on at this point.

My /etc/pam.d/sudo

auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

Any help is appreciated.

Thanks
-jeremy



--- End Message ---
--- Begin Message ---
No reply to request for more information after over 5 months, and I still
think this is user error.  Closing this bug with no further action taken.

Bdale

--- End Message ---
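
Added example, not part of the original thread or of sudo itself: a small Python lint for sudoRole LDIF that flags sudoCommand values carrying a sudoers-file style "(runas)" prefix, the form the debug trace above reports as not matching. The cn=fixed entry and the function names are constructed for illustration.

```python
import re

# Constructed sample: the jhansen entry from the report plus a made-up
# "cn=fixed" entry using the bare form given in the reply.
SAMPLE_LDIF = """\
dn: cn=jhansen,ou=SUDOers,dc=blah,dc=com
objectClass: sudoRole
sudoUser: jhansen
sudoHost: ALL
sudoCommand: (ALL) ALL

dn: cn=fixed,ou=SUDOers,dc=blah,dc=com
objectClass: sudoRole
sudoUser: jhansen
sudoHost: ALL
sudoCommand: ALL
sudoCommand: /bin/su -
"""

# "(runas-list) command" is sudoers-file syntax, not a sudoCommand value.
RUNAS_PREFIX = re.compile(r"^\(([^)]*)\)\s*(.*)$")

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; base64 (::) values not decoded."""
    unfolded = re.sub(r"\n ", "", text)      # LDIF folds long lines with "\n "
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def lint_sudo_roles(text):
    """Return (dn, value, runas, command) for each suspicious sudoCommand."""
    findings = []
    for dn, attrs in parse_ldif(text):
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if "sudorole" not in classes:
            continue
        for cmd in attrs.get("sudocommand", []):
            m = RUNAS_PREFIX.match(cmd)
            if m:
                findings.append((dn, cmd, m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for dn, value, runas, command in lint_sudo_roles(SAMPLE_LDIF):
        print(f"{dn}: sudoCommand {value!r} -> use {command!r}, not ({runas})")
```
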
