Hi, I posted a similar issue a while ago. Then sudo rules magically started working after enabling and disabling the "allow_all" rule. This time, I cannot get any sudo command working, while an hbac test is OK. I can even see in the log of the client that "allow_all" permits the sudo-i. Issue is on all clients. There is no problem with ssh/login for the AD users.
```
[admin@idm1 ~]$ ipa hbactest --user [email protected] --host host01.redacted.services --service sudo-i
--------------------
Access granted: True
--------------------
Matched rules: allow_all
Matched rules: infra-mgmt_clients_hg
< ... >
```

```
[email protected]@host01:~$ sudo -i
[sudo] password for [email protected]:
[email protected] is not allowed to run sudo on host01.
```

Enabling debugging:

sssd_domain.log https://pastebin.com/mFGUEnse

sssd_sudo.log https://pastebin.com/3d3ETTNh

Also enabled debug in /etc/sudo.conf. In this debug data there is no mention or trace about sss or the user. Configuration files seem OK: sssd.conf, krb5.conf, nsswitch.conf.
