On Tue, Oct 16, 2012 at 10:50 PM, JR Aquino <jr.aqu...@citrix.com> wrote:

> On the host in question, run the command: domainname
> That wants to match whatever your domain is. If it doesn't, it will fail
> even if you have all the server rules configured correctly. This is a sudo
> + netgroups/hostgroups 'feature'.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino | Sr. Information Security Specialist
> GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
> On Oct 16, 2012, at 2:26 PM, "Toasted Penguin" <
> toastedpenguini...@gmail.com> wrote:
> > I have the server set up to manage sudo and I configured a target client
> > to use the IPA server for sudo.  When a user tries to use sudo (in this
> > case "sudo su -") it fails and they get the error "user is not allowed to
> > run sudo on client-host.  This incident will be reported." I verified via
> > the log files that the client is making requests to the IPA server when the
> > user is attempting to use sudo and it fails.  I temporarily disabled using
> > the IPA server for sudo and I get the standard "User not in the sudoers
> > file...."
> >
> > It's starting to look like the server rules may be the issue but I believe
> > I have the sudo rule set up correctly.  I created a sudo command "/bin/su",
> > created a sudo rule "Sudo to root", added the group the user in question
> > is a part of to the WHO-->User Groups; added the Host Group the target
> > client host is part of to Access This Host-->Host Groups and added the sudo
> > command to the sudo rule via Allow-->Sudo Allow Commands.  When I delete
> > the sudo rule I get the same result as I did when I temporarily disabled the
> > client host using the IPA server for sudo verification.
> >
> > Any ideas why or where to look to figure out this issue?
> >
> > Thanks,
> > David
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
Executing domainname results in the correct domain for the FreeIPA service.