On the host in question Run the command: domainname

That wants to match whatever your domain is. If it doesn't it will fail even if 
you have all the server rules configured correctly. This is a sudo + 
netgroups/hostgroups 'feature'

Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
C: +1 805.717.0365

On Oct 16, 2012, at 2:26 PM, "Toasted Penguin" <toastedpenguini...@gmail.com> 

> I have the server setup to manage sudo and I configured a target client to 
> use the IPA server for sudo.  When a user tries to use sudo (in this case 
> "sudo su -") it fails and they get the error "user is not allowed to run sudo 
> on client-host.  This incident will be reported." I verified via the log 
> files that the client is making requests to the IPA server when the user is 
> attemping to use sudo and it fails.  I temporarily disabled using the IPA 
> server for sudo and I get the standard "User not in the sudoers file...." 
> Its starting to look like the server rules maybe the issue but I believe I 
> have the sudo rule setup correctly.  I created a sudo command "/bin/su", 
> created a sudo rule "Sudo to root" , added the group the user in question is 
> a part of to the WHO-->User Groups; Added the Host Group the target client 
> host is part of to Access This Host-->Host Groups and added the sudo command 
> to the sudo rule via Allow-->Sudo Allow Commands.  When I delete the sudo 
> rule I get the same result as I did when I temporarily disbled the client 
> host using tghe IPA server for sudo verification.
> Any ideas why or where to look to figure out this issue?
> Thanks,
> David 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Freeipa-users mailing list

Reply via email to