On the host in question Run the command: domainname That wants to match whatever your domain is. If it doesn't it will fail even if you have all the server rules configured correctly. This is a sudo + netgroups/hostgroups 'feature'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jr Aquino | Sr. Information Security Specialist GIAC Certified Incident Handler | GIAC WebApp Penetration Tester Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 T: +1 805.690.3478 C: +1 805.717.0365 jr.aqu...@citrixonline.com http://www.citrixonline.com On Oct 16, 2012, at 2:26 PM, "Toasted Penguin" <toastedpenguini...@gmail.com> wrote: > I have the server setup to manage sudo and I configured a target client to > use the IPA server for sudo. When a user tries to use sudo (in this case > "sudo su -") it fails and they get the error "user is not allowed to run sudo > on client-host. This incident will be reported." I verified via the log > files that the client is making requests to the IPA server when the user is > attemping to use sudo and it fails. I temporarily disabled using the IPA > server for sudo and I get the standard "User not in the sudoers file...." > > Its starting to look like the server rules maybe the issue but I believe I > have the sudo rule setup correctly. I created a sudo command "/bin/su", > created a sudo rule "Sudo to root" , added the group the user in question is > a part of to the WHO-->User Groups; Added the Host Group the target client > host is part of to Access This Host-->Host Groups and added the sudo command > to the sudo rule via Allow-->Sudo Allow Commands. When I delete the sudo > rule I get the same result as I did when I temporarily disbled the client > host using tghe IPA server for sudo verification. > > Any ideas why or where to look to figure out this issue? > > Thanks, > David > _______________________________________________ > Freeipa-users mailing list > Freeipaemail@example.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users