[Freeipa-users] [SOLVED] New IPA server and unable to sudo from client

Tue, 12 Oct 2021 06:58:54 -0700 

I had two IPA servers setup - my master and the replica.  When performing the 
HBAC test (which includes a sudo rules test as a component of the HBAC test) 
the test would say access granted from the master.  I had not tried to run the 
same test from the replica until this weekend when I did so by accident.  The 
test told me access denied.  For a moment I was puzzled until I realized I was 
running the test from the replica.  Then I tried the same test again from the 
master and the test passed.  This made me realize something was wrong and 
needed to be investigated further.  I decided to install the ipa healthcheck 
tool on both servers and see what it told me.  I read the documentation and ran 
all available healthchecks.  Sure enough, one of the healthchecks failed.  It 
didn't have just one failure though, there were many failures for the same 
test.  I learned that even though the replica install logs showed installation 
success I was still missing a package that needed to be installed 
 separately.  Once I installed the correct ipa package and ran the healthcheck 
again all tests passed.  Now, when running the HBAC test in the GUI, both 
servers showed access granted.  A last test from the client still didn't work.  
I cleared the sssd cache and tried again.  Now sudo worked!  It certainly 
underscored how important it is to have a healthy system status.  Also, the 
problem appeared to be one thing in my mind but turned out being totally 
different when actually resolved.  Keep your mind open to all possibilities.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to