On Tue, 09 Jan 2024, Dmitry Krasov via FreeIPA-users wrote:
https://youtu.be/kwQrBfuzEcg?si=aLOfs5j3xXYoiWjL
"desktop" user is freeipa user, and local sudo admin through sudo rule.
"user special" is a local user, and local sudo admin.
-----------------------
sssd.log:
Please follow https://sssd.io/troubleshooting/basics.html on how to
collect logs. You need sssd_*.log logs, in particular, sssd_dom.loc.log
(for your domain dom.loc).
Other things to check: if you have disabled HBAC rule 'allow_all', then
you need to create explicit HBAC rules for each PAM service involved.
Assuming you have HBAC rule for 'sudo', do you have one for other PAM
services used by those tools?
You can find what services were attempted by looking into the system
journal with journalctl.
(2024-01-09 14:27:28): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0070
(2024-01-09 15:03:43): [sssd] [monitor_quit_signal] (0x1f7c0): Monitor received
Завершено: terminating childr>
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Returned with: 0
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating [pac][807]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [pac] exited
gracefully
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating [sudo][806]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [sudo] exited
gracefully
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating [ssh][805]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [ssh] exited
gracefully
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating [pam][804]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [pam] exited
gracefully
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating [nss][803]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [nss] exited
gracefully
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Terminating
[dom.loc][745]
(2024-01-09 15:03:43): [sssd] [monitor_quit] (0x1f7c0): Child [dom.loc] exited
gracefully
(2024-01-09 15:03:58): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0070
(2024-01-09 15:14:22): [sssd] [monitor_quit_signal] (0x1f7c0): Monitor received
Завершено: terminating childr>
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Returned with: 0
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating [pac][809]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [pac] exited
gracefully
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating [sudo][808]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [sudo] exited
gracefully
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating [ssh][807]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [ssh] exited
gracefully
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating [pam][806]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [pam] exited
gracefully
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating [nss][805]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [nss] exited
gracefully
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Terminating
[dom.loc][748]
(2024-01-09 15:14:22): [sssd] [monitor_quit] (0x1f7c0): Child [dom.loc] exited
gracefully
(2024-01-09 15:14:38): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0070
(2024-01-09 15:20:12): [sssd] [monitor_quit_signal] (0x1f7c0): Monitor received
Завершено: terminating childr>
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Returned with: 0
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating [pac][805]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [pac] exited
gracefully
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating [sudo][804]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [sudo] exited
gracefully
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating [ssh][803]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [ssh] exited
gracefully
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating [pam][802]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [pam] exited
gracefully
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating [nss][801]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [nss] exited
gracefully
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Terminating
[dom.loc][755]
(2024-01-09 15:20:12): [sssd] [monitor_quit] (0x1f7c0): Child [dom.loc] exited
gracefully
(2024-01-09 15:20:32): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0070
(2024-01-09 15:22:06): [sssd] [monitor_quit_signal] (0x1f7c0): Monitor received
Завершено: terminating childr>
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Returned with: 0
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Terminating [pac][806]
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Child [pac] exited
gracefully
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Terminating [sudo][805]
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Child [sudo] exited
gracefully
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Terminating [ssh][804]
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Child [ssh] exited
gracefully
(2024-01-09 15:22:06): [sssd] [monitor_quit] (0x1f7c0): Terminating [pam][803]
(2024-01-09 15:22:07): [sssd] [monitor_quit] (0x1f7c0): Child [pam] exited
gracefully
(2024-01-09 15:22:07): [sssd] [monitor_quit] (0x1f7c0): Terminating [nss][802]
(2024-01-09 15:22:07): [sssd] [monitor_quit] (0x1f7c0): Child [nss] exited
gracefully
(2024-01-09 15:22:07): [sssd] [monitor_quit] (0x1f7c0): Terminating
[dom.loc][741]
(2024-01-09 15:22:07): [sssd] [monitor_quit] (0x1f7c0): Child [dom.loc] exited
gracefully
(2024-01-09 15:22:30): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0070
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
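
The journal check suggested in the reply, as an added example that is not part of the original message: it pulls the PAM services for which `pam_sss` logged an account-phase "Access denied" and prints one `ipa hbactest` command per service/user pair, so each missing HBAC rule can be confirmed on the IPA side. The journal lines, the host name `ws1.dom.loc`, the service names and the local user name `special` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of system journal lines (not taken from the thread).
sample_journal() {
cat <<'EOF'
Jan 09 15:21:40 ws1.dom.loc sudo[2211]: pam_sss(sudo:auth): authentication success; logname=desktop uid=1000 euid=0 tty=/dev/pts/0 ruser=desktop rhost= user=desktop
Jan 09 15:21:52 ws1.dom.loc polkitd[913]: pam_sss(polkit-1:account): Access denied for user desktop: 6 (Permission denied)
Jan 09 15:21:58 ws1.dom.loc polkitd[913]: pam_sss(polkit-1:account): Access denied for user desktop: 6 (Permission denied)
Jan 09 15:22:01 ws1.dom.loc sudo[2240]: pam_sss(sudo-i:account): Access denied for user desktop: 6 (Permission denied)
Jan 09 15:22:03 ws1.dom.loc sudo[2251]: pam_unix(sudo:session): session opened for user root(uid=0) by special(uid=1001)
EOF
}

# Read journal text on stdin and print unique "service user" pairs for
# which pam_sss denied access in the account phase (where HBAC is evaluated).
denied_services() {
    sed -n 's/.*pam_sss(\([^:)]*\):account): Access denied for user \([^:]*\): .*/\1 \2/p' |
        sort -u
}

# Turn each denied pair into an HBAC simulation command for the given host.
# $1 = FQDN of the client as enrolled in IPA (assumption: ws1.dom.loc here).
hbactest_commands() {
    host=$1
    denied_services | while read -r svc user; do
        printf 'ipa hbactest --user=%s --host=%s --service=%s\n' \
            "$user" "$host" "$svc"
    done
}

# Demo on the constructed sample; on a real client feed the journal instead:
#   journalctl -b --no-pager | hbactest_commands "$(hostname -f)"
sample_journal | hbactest_commands ws1.dom.loc
```

Only SSSD-managed users appear in the output; the local user goes through `pam_unix` and is never subject to HBAC, which matches the difference between the two accounts described in the report.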