Hello,

I'm trying to figure out why an AD domain user cannot use sudo.

When I test with

ipa hbactest --user=ansible --host ipa01.linux.example.com --service sudo-i
It says access granted: True

However, if I issue the command 'sudo -l -U ansible' on the ipa01 host it
says: User ansi...@windows.example.com is not allowed to run sudo on ipa01

It works for an ipa user using the same sudo rule.
'id ansible' works as well on the ipa01 host:

uid=1958801104(ansi...@windows.example.com) gid=1958801104(ansi...@windows.example.com) groups=1958801104(ansi...@windows.example.com),1958800512(domain adm...@windows.example.com),1958800513(domain us...@windows.example.com)

The user ansible can log in to the ipa01 host but cannot issue sudo -i.

What am I missing?

Rob Verduijn
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org