Ubuntu 16.04 has broken sudo as of now, try installing sudo directly from sudo website (there is a deb compatible with ubuntu 16.04)


W dniu 15.12.2017 o 05:16, Tony Delov via FreeIPA-users pisze:
I've been having difficulties connecting a freeipa-client on Ubuntu 16.06 LTS, to a Redhat IPA server that has a trusted connection to Microsoft AD server.

Ssh authentications are pretty slow, however, once I do get on, I find sudo commands often do not work for several minutes saying I am not in the "not in the sudoers file.". This is even though, I am in the same group on the access.conf file and a sudoers file.

I think the initial slowness is due to the fact that our AD system has lots of groups and I am part of many large groups with many users. I've been checking the sssd cache file, and I can see that ssh authentication does not even start until almost all groups I am a member of have been added to the cache. However, that does not explain why sudo is being delayed as the groups are already cached.

Has anyone got any advice about setting up a freeipa-client on Ubuntu to connect to a Redhat IPA server?

Has anyone else experienced difficulties with sudo commands?

Group membership not listing all the groups a person is a member off all the time.
id <username>

*IPA Client.*


# dpkg --list | grep freeipa
ii freeipa-client 4.3.1-0ubuntu1 amd64 FreeIPA centralized identity framework -- client ii freeipa-common 4.3.1-0ubuntu1 all FreeIPA centralized identity framework -- common files

*IPA Server*

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)

# rpm -qa | grep "ipa-"

Tony D

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


*Przemysław Orzechowski*
Network Administrator
e: przemek.orzechow...@makolab.com <mailto:przemek.orzechow...@makolab.com>
t: +48 42 683 74 96

Demokratyczna 46, 93-430 Łódź, Poland
www.makolab.com <http://www.makolab.com/>

MakoBlog <https://makoblog.com/> | Facebook <https://www.facebook.com/MakoLab.SA> | LinkedIn <https://pl.linkedin.com/company/makolab>

MakoLab SA, Demokratyczna 46, 93-430 Lodz, Poland. A joint-stock company organized and existing under the laws of Republic of Poland with a registered share capital of 707 473,00 PLN (Polish zlotys), identified in the National Court Register (Krajowy Rejestr Sądowy) conducted by the District Court for Lodz Srodmiescie in Lodz under the number KRS: 0000289179, Tax Identification Number (NIP): PL 7250015526, National Official Business Register (REGON): 471343117.

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please notify the sender and delete the material from your computer.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to