Update with success! (but embarrassment)

I apologize for putting everyone through the ringer on this one.  Here is what 
I found.

I mentioned at one point that my domainname/nisdomainname/dnsdomainname did not 
all return my correct domain, but that I had fixed this. As it turned out, I 
had a typo in my rc.local file.  Fixing them so they return the correct value 
is not enough to fix sudo.  I ran ipa-client --uninstall  -->> yum remove 
ipa-client -->> yum install ipa-client -->> ipa-client-install and re-enrolled 
my client without making any other changes.  Apparently, something does not 
translate properly during the enroll process if your domain is not set properly 
in the rc.local file.  Everything is now working just as I would expect it to!

Again, thank you everyone for your assistance!


-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com] 
Sent: Wednesday, October 17, 2012 3:44 PM
To: Macklin, Jason {DASB~Branford}
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Sudo works for full access, but not on a per 
command or host level.

Can you confirm that you have sudoer_debug set to 2?

If I gather correctly, this is on RHEL 6.3? What version of sudo?

I'm seeing different output. Mine includes the number of candidate results for 
sudoUser are found.

If you watch /var/log/dirsrv/slapd-REALM/access on your IPA server you'll be 
able to see the LDAP searches the sudo client is making. The log is buffered so 
you won't see them immediately. Can you send us the queries that are being made?



Freeipa-users mailing list

Reply via email to