On Пан, 04 ліс 2024, Carlos Lopez Molina via FreeIPA-users wrote:
Hi Alexander, thank you for your response. After reviewing it, I found that everything was configured properly. I also had sudoers rules and hbac rules put in place. I realized that I didn't add a rule for sudo, there were only rules for sshd. For this reason the sudo authentication was failing. Then, in this case the problema was that there was no hbac rule allowing the use of sudo.
Thanks for the update. I created a ticket for freeipa-healthcheck to find out cases when people have sudo rules but no corresponding HBAC rule to permit access to sudo. This could help preventing situations like this one. https://github.com/freeipa/freeipa-healthcheck/issues/344 -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
