This is resolved by updating sudo package.

---> Package sudo.x86_64 0:1.8.6p7-11.el7 will be updated
---> Package sudo.x86_64 0:1.8.19p2-10.el7 will be an update

From: Pavel Březina <>
Sent: Thursday, August 31, 2017 1:48:33 AM
To: Jakub Hrozek; Z D
Cc: FreeIPA users list
Subject: Re: [Freeipa-users] Re: sudo policy doesn't work since host is 
installed with CNAME

On 08/31/2017 08:35 AM, Jakub Hrozek wrote:
> On Wed, Aug 30, 2017 at 08:51:24PM +0000, Z D wrote:
>>> Does ipa_hostname in sssd.conf point to cname (or, the hostname registered 
>>> with IPA) ?
>> It points to the DNS A record, the one that is registered with IPA.
> Pavel, is a setup with a machne where the hostname in IPA doesn't match
> the machine hostname known to work?

sudo should read ipa_hostname from /etc/sssd/sssd.conf so if this option
is present, it should work. If it does not, we need sudo debug logs.

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to