I've been having difficulties connecting a freeipa-client on Ubuntu 16.06
LTS to a Redhat IPA server that has a trusted connection to a Microsoft AD
server.

SSH authentications are pretty slow; however, once I do get on, I find sudo
commands often do not work for several minutes, saying I am "not in the
sudoers file". This is even though I am in the same group in the
access.conf file and a sudoers file.

I think the initial slowness is due to the fact that our AD system has lots
of groups and I am part of many large groups with many users. I've been
checking the sssd cache file, and I can see that ssh authentication does
not even start until almost all groups I am a member of have been added to
the cache. However, that does not explain why sudo is being delayed as the
groups are already cached.

Has anyone got any advice about setting up a freeipa-client on Ubuntu to
connect to a Redhat IPA server?

Has anyone else experienced difficulties with sudo commands?

Group membership not listing all the groups a person is a member of all
the time.
id <username>




*IPA Client.*

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"

# dpkg --list | grep freeipa
ii  freeipa-client  4.3.1-0ubuntu1  amd64  FreeIPA centralized identity framework -- client
ii  freeipa-common  4.3.1-0ubuntu1  all    FreeIPA centralized identity framework -- common files

*IPA Server*

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)


# rpm -qa | grep "ipa-"
sssd-ipa-1.15.2-50.el7_4.6.x86_64
ipa-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-4.5.0-21.el7_4.2.2.x86_64
ipa-client-common-4.5.0-21.el7_4.2.2.noarch
ipa-client-4.5.0-21.el7_4.2.2.x86_64
ipa-server-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-trust-ad-4.5.0-21.el7_4.2.2.x86_64




Regards
Tony D