Ubuntu 16.04 has broken sudo as of now, try installing sudo directly
from sudo website (there is a deb compatible with ubuntu 16.04)
https://www.sudo.ws/download.html#binary
W dniu 15.12.2017 o 05:16, Tony Delov via FreeIPA-users pisze:
I've been having difficulties connecting a freeipa-client on Ubuntu
16.06 LTS, to a Redhat IPA server that has a trusted connection to
Microsoft AD server.
Ssh authentications are pretty slow, however, once I do get on, I find
sudo commands often do not work for several minutes saying I am not in
the "not in the sudoers file.". This is even though, I am in the same
group on the access.conf file and a sudoers file.
I think the initial slowness is due to the fact that our AD system has
lots of groups and I am part of many large groups with many users.
I've been checking the sssd cache file, and I can see that ssh
authentication does not even start until almost all groups I am a
member of have been added to the cache. However, that does not explain
why sudo is being delayed as the groups are already cached.
Has anyone got any advice about setting up a freeipa-client on Ubuntu
to connect to a Redhat IPA server?
Has anyone else experienced difficulties with sudo commands?
Group membership not listing all the groups a person is a member off
all the time.
id <username>
*IPA Client.*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
# dpkg --list | grep freeipa
ii freeipa-client 4.3.1-0ubuntu1 amd64
FreeIPA centralized identity framework -- client
ii freeipa-common 4.3.1-0ubuntu1 all
FreeIPA centralized identity framework -- common files
*IPA Server*
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)
# rpm -qa | grep "ipa-"
sssd-ipa-1.15.2-50.el7_4.6.x86_64
ipa-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-4.5.0-21.el7_4.2.2.x86_64
ipa-client-common-4.5.0-21.el7_4.2.2.noarch
ipa-client-4.5.0-21.el7_4.2.2.x86_64
ipa-server-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-trust-ad-4.5.0-21.el7_4.2.2.x86_64
Regards
Tony D
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
--
**
**
**
*Przemysław Orzechowski*
Network Administrator
e: przemek.orzechow...@makolab.com <mailto:przemek.orzechow...@makolab.com>
t: +48 42 683 74 96
*MakoLab*
Demokratyczna 46, 93-430 Łódź, Poland
www.makolab.com <http://www.makolab.com/>
MakoBlog <https://makoblog.com/> | Facebook
<https://www.facebook.com/MakoLab.SA> | LinkedIn
<https://pl.linkedin.com/company/makolab>
MakoLab SA, Demokratyczna 46, 93-430 Lodz, Poland. A joint-stock company
organized and existing under the laws of Republic of Poland with a
registered share capital of 707 473,00 PLN (Polish zlotys), identified
in the National Court Register (Krajowy Rejestr Sądowy) conducted by the
District Court for Lodz Srodmiescie in Lodz under the number KRS:
0000289179, Tax Identification Number (NIP): PL 7250015526, National
Official Business Register (REGON): 471343117.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please notify the sender and delete the material
from your computer.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org