Thanks for the reply. I would like to mention you that the same
Configuration on Ubuntu 16.04 with the same sudo version is processing the
sudo rules and users are able to execute the sudo commands. So if it is an
issue with sudo, then is the fix to issue is to update the sudo to a higher

Here is the result on sudo built with sssd


Configure options: --prefix=/usr -v --with-all-insults --with-pam
--with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor
--with-exampledir=/usr/share/doc/sudo/examples --with-timeout=15
--with-password-timeout=0 --with-passprompt=[sudo] password for %p:
--with-tty-tickets --disable-root-mailer --enable-admin-flag
--with-sendmail=/usr/sbin/sendmail --with-rundir=/var/run/sudo
--mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-*sss*d --with-
*sss*d-lib=/usr/lib/x86_64-linux-gnu --with-selinux --with-linux-audit


Mean while I will compare the sudo logs and will inform you.

Thanks and Regards,

Alka Murali

On Mon, Aug 7, 2017 at 5:53 PM, Lukas Slebodnik <lsleb...@redhat.com> wrote:

> On (07/08/17 17:10), Alka Murali via FreeIPA-users wrote:
> >Hello Team,
> >
> >Have checked all the logs, and the SSSD Logs are saying that it is
> >processing the sudo rules which I have configured on my FreeIPA Server.
> >However if I run sudo commands on my client, it is giving me the message
> >that the user is not in sudoers file.
> >
> >Is it an issue with my SUDO package on Ubuntu or an issue with SSSD.I have
> >been using the same Configuration in my other clients and all of them are
> >able to fetch the SUDO Rules.
> >
> If you use the same configuration on older versions of ubuntu
> then it sounds like a bug in sudo package in ubuntu.
> I would recommend to compare sudo logs from different version
> https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html#
> obtaining-logs
> BTW it would be good to check that sudo is built with sssd support
> sudo --version | grep sss
> Here is an output from fedora
>   sh# sudo --version | grep sss
>   Configure options: --build=x86_64-redhat-linux-gnu
>   --host=x86_64-redhat-linux-gnu --program-prefix=
> --disable-dependency-tracking
>   --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
>   --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
>   --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var
>   --sharedstatedir=/var/lib --mandir=/usr/share/man
> --infodir=/usr/share/info
>   --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64
>   --docdir=/usr/share/doc/sudo --disable-root-mailer --with-logging=syslog
>   --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi
>   --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap
>   --with-selinux --with-passprompt=[sudo] password for %p:
> --with-linux-audit
>   --with-sssd
>     ^^^^^^^^^
> This is important.
> LS
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to