On (07/08/17 17:10), Alka Murali via FreeIPA-users wrote:
>Hello Team,
>
>Have checked all the logs, and the SSSD Logs are saying that it is
>processing the sudo rules which I have configured on my FreeIPA Server.
>However if I run sudo commands on my client, it is giving me the message
>that the user is not in sudoers file.
>
>Is it an issue with my SUDO package on Ubuntu or an issue with SSSD.I have
>been using the same Configuration in my other clients and all of them are
>able to fetch the SUDO Rules.
>
If you use the same configuration on older versions of ubuntu
then it sounds like a bug in sudo package in ubuntu.

I would recommend to compare sudo logs from different version
https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html#obtaining-logs


BTW it would be good to check that sudo is built with sssd support

sudo --version | grep sss

Here is an output from fedora

  sh# sudo --version | grep sss
  Configure options: --build=x86_64-redhat-linux-gnu
  --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking
  --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
  --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
  --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var
  --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info
  --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64
  --docdir=/usr/share/doc/sudo --disable-root-mailer --with-logging=syslog
  --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi
  --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap
  --with-selinux --with-passprompt=[sudo] password for %p:  --with-linux-audit
  --with-sssd
    ^^^^^^^^^
This is important.

LS
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to