[Freeipa-users] Re: SUDO Rules not getting processed

Tue, 08 Aug 2017 07:53:49 -0700 

Are you 100% sure that you have a line like "sudoers: files sss" in your 
/etc/nsswitch.conf?

Am 7. August 2017 11:10:56 MESZ schrieb Alka Murali via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org>:
>Hello Team,
>
>Have checked all the logs, and the SSSD Logs are saying that it is
>processing the sudo rules which I have configured on my FreeIPA Server.
>However if I run sudo commands on my client, it is giving me the
>message
>that the user is not in sudoers file.
>
>Is it an issue with my SUDO package on Ubuntu or an issue with SSSD.I
>have
>been using the same Configuration in my other clients and all of them
>are
>able to fetch the SUDO Rules.
>
>Please provide me an update on the issue.
>
>Thanks and Regards,
>Alka Murali
>
>On Fri, Aug 4, 2017 at 7:31 PM, Alka Murali <alkamuralim...@gmail.com>
>wrote:
>
>> Hello,
>>
>> I have implemented a freeipa server and enrolled many clients like
>Ubuntu,
>> Debian, CentOS. In all those clients, my sudo rules worked.
>>
>> However if I try the sudo rules to the users in Ubuntu 16, its not
>> recognising the sudo user
>>
>> ------
>>
>> Aug  4 19:22:40 **** sudo: pam_unix(sudo:auth): authentication
>failure;
>> logname=device uid=1441000030 euid=0 tty=/dev/pts/1 ruser=device
>rhost=
>> user=device
>>
>> Aug  4 19:22:40 ***** sudo: pam_sss(sudo:auth): authentication
>success;
>> logname=device uid=1441000030 euid=0 tty=/dev/pts/1 ruser=device
>rhost=
>> user=device
>>
>> Aug  4 19:22:40 ***** sudo:   device : user NOT authorized on host ;
>> TTY=pts/1 ; PWD=/home/device ; USER=root ; COMMAND=/usr/bin/less
>> /var/log/syslog
>>
>> -------
>>
>> I have updated the sssd and ldap configuration file as well as
>nssswitch
>> conf. However the rule was not being accepted.
>>
>> I have properly configured SSSD, LDAP and NSS. Let me know if any
>> additional settings needs to be updated.
>>
>>
>> Awaiting your reply.
>>
>>
>> Thanks and Regards,
>>
>> Alka Murali
>>

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to