I have the server setup to manage sudo and I configured a target client to
use the IPA server for sudo.  When a user tries to use sudo (in this case
"sudo su -") it fails and they get the error "user is not allowed to run
sudo on client-host.  This incident will be reported." I verified via the
log files that the client is making requests to the IPA server when the
user is attemping to use sudo and it fails.  I temporarily disabled using
the IPA server for sudo and I get the standard "User not in the sudoers

Its starting to look like the server rules maybe the issue but I believe I
have the sudo rule setup correctly.  I created a sudo command "/bin/su",
created a sudo rule "Sudo to root" , added the group the user in question
is a part of to the WHO-->User Groups; Added the Host Group the target
client host is part of to Access This Host-->Host Groups and added the sudo
command to the sudo rule via Allow-->Sudo Allow Commands.  When I delete
the sudo rule I get the same result as I did when I temporarily disbled the
client host using tghe IPA server for sudo verification.

Any ideas why or where to look to figure out this issue?

Freeipa-users mailing list

Reply via email to