Cool. That solved the problem. Thanks On Thu, Mar 10, 2016 at 9:37 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Thu, Mar 10, 2016 at 03:50:08PM +1300, Teik Hooi Beh wrote: > > Hi, > > > > I am trying to deploy sudo rules in FreeIPA 4.2 on Centos 7.2. I have > > created 2 sudo rules, one with sudo options=!authenticate (NOPASSWD) and > > the other sudo options=authenticate (PASSWD) (which I assume requires the > > user to key in the password to run). > > > > The NOPASSWD works but the one with PASSWD kept denying eventhough > password > > seems authenticated (from /var/log/secure) - > > > > Mar 10 02:38:31 node1 sudo: pam_sss(sudo:auth): authentication success; > > logname=ttester uid=5001 euid=0 tty=/dev/pts/1 ruser=ttester rhost= > > user=ttester > > Mar 10 02:38:31 node1 sudo: pam_sss(sudo:account): Access denied for user > > ttester: 6 (Permission denied) > > > > I have followed instructions from here - > > > http://blog.delouw.ch/2013/07/25/centrally-manage-sudoers-rules-with-ipa-part-i-preparation/ > > Looks like HBAC is denying access, please make sure the user is allowed > to access the sudo/sudo-i service. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project