On (10/11/17 17:31), Andrea Passuello wrote: >Thanks Galen for your help. > >This is the output of the sssd_sudo.log and sssd_domain.log when I try a >sudo command. >The debug is set to 7. >I don't post now the sudo_debug.log because it's very long. If it could be >useful I can try to post it also later. > > >==> sssd_sudo.log <== >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [accept_fd_handler] (0x0400): >Client connected! >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_cmd_get_version] (0x0200): >Received client version [1]. >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_cmd_get_version] (0x0200): >Offered version [1]. >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] >(0x0200): name 'MYUSER' matched without domain, user is MYUSER >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] >(0x0200): name 'MYUSER' matched without domain, user is MYUSER >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_cmd_parse_query_done] >(0x0200): Requesting default options for [MYUSER] from [<ALL>] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0200): >Requesting info about [myu...@mydomain.com] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): >Returning info for user [myu...@mydomain.com] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): >Retrieving default options for [MYUSER] from [MYDOMAIN.COM] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] >(0x0200): Searching sysdb with >[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*))(&(dataExpireTimestamp<=1510329679)))] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] >(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] >(0x0400): Returning 0 rules for [<default options>@MYDOMAIN.COM] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] >(0x0200): name 'MYUSER' matched without domain, user is MYUSER >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] >(0x0200): name 'MYUSER' matched without domain, user is MYUSER >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_cmd_parse_query_done] >(0x0200): Requesting rules for [MYUSER] from [<ALL>] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0200): >Requesting info about [myu...@mydomain.com] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): >Returning info for user [myu...@mydomain.com] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): >Retrieving rules for [MYUSER] from [MYDOMAIN.COM] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] >(0x0200): Searching sysdb with >[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*))(&(dataExpireTimestamp<=1510329679)))] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] >(0x0200): Searching sysdb with >[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*)))] >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting >rules with higher-wins logic >(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] >(0x0400): Returning 1 rules for [myu...@mydomain.com] > I think this is the most important info. SSSD returned something to sudo but you cannot see anything.
Is it problem with single user? or in general? Can you see something with "sudo -l" >==> sssd_MYDOMAIN.COM.log <== >(Fri Nov 10 17:01:22 2017) [sssd[be[MYDOMAIN.COM]]] [be_get_account_info] domain log needn't contain anything related because sudo rules are downloaded periodically and not on demand. You can try to upgrade sudo (only sudo) to ensure that bug is not in sudo https://packages.ubuntu.com/search?suite=zesty&searchon=names&keywords=sudo https://packages.ubuntu.com/search?suite=artful&searchon=names&keywords=sudo LS _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
