Hi Jochen, nsswitch.conf checks local files and sss. Below is the contents of etc/pam.d/sudo:
---- #%PAM-1.0 # Set up user limits from /etc/security/limits.conf. session required pam_limits.so @include common-auth @include common-account @include common-session-noninteractive ---- sudo -l: ---- ansible@debclient1:~$ sudo -l [sudo] password for ansible: Sorry, user ansible may not run sudo on debclient1. ---- sssd_[domain].log: https://privatebin.net/?e841ce0e62791e1b#CU9EhpDrajzQXEihhp2jmjbD92RtG8YZ6Sw4FxaZw1Zx sssd_sudo.log: https://privatebin.net/?40e60858ff984c15#HcQQK2u8wCTYzA6tcttnaiQMsoQ1mVbjCnAovkvDpY6V I have created a new testuser, placed this one in the same hbac rules group. also no sudo access. Added this new test user to the local sudo group, and access has been granted. It shouldn't be nessecary to add IPA users to local groups, or am I wrong here. kind regards. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
