[SSSD-users] Re: AD sudo rules have no values for attributes?

2018-04-05 Thread Max DiOrio
> On Apr 5, 2018, at 3:22 PM, Jakub Hrozek wrote:
>
>> On 5 Apr 2018, at 19:56, Max DiOrio wrote:
>>
>> I’m guessing someone was thinking that the group lookup was case sensitive
>> and entered it both ways to rule that out.
>
> I wonder if you

[SSSD-users] Re: AD sudo rules have no values for attributes?

2018-04-05 Thread Jakub Hrozek
> On 5 Apr 2018, at 19:56, Max DiOrio wrote:
>
> I’m guessing someone was thinking that the group lookup was case sensitive
> and entered it both ways to rule that out.

I wonder if you know how they managed to put the duplicate entries into AD? I tried with ADSI edit

[SSSD-users] Re: AD sudo rules have no values for attributes?

2018-04-05 Thread Max DiOrio
I fixed it. Here’s more from the sssd_domain log. A single line revealed the issue. When storing the DevTest rule it said a value is provided more than once. When I looked at the entry in AD, the attribute sudoUser had the same group entered twice. Once as %GS-Technology, once as

[SSSD-users] AD sudo rules have no values for attributes?

2018-04-05 Thread Max DiOrio
I've got a few dozen servers using SSSD to authenticate and retrieve SUDO rules stored in AD and GPO. Everything works perfectly except for a new RHEL 6.8 server I brought up. sssd version 1.13.3 on both the working 6.8 and non-working 6.8 server. I literally copied the nsswitch, sssd.conf and