It seems sudo su - for admins no longer works

[jonesst1@8kxl72s ~]$ ssh's password:
Last login: Thu Feb 28 11:33:11 2013 from
Kickstarted on 2012-07-27
ORACLE_BASE environment variable is not being set since this
information is not available for the current user ID jonesst1.
You can set ORACLE_BASE manually if it is required.
Running /apps/sct/banner8/admin/banenv...
[jonesst1@vuwunicobandbd1 ~]$ sudo su -
LDAP Config Summary
===================
uri ldap://
ldap_version 3
sudoers_base ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz
bindpw www.apac.c0m
bind_timelimit 5000000
ssl start_tls
tls_checkpeer (no)
tls_cacertfile /etc/ipa/ca.crt
===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_initialize(ld, ldap://
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5000)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: no default options found in ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap search
sudo: found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap sudoHost '' ... not
sudo: found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
sudo: ldap sudoHost '+servers' ... not
sudo: ldap search 'sudoUser=+*'
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(0)=0x40
[sudo] password for jonesst1:

I get a host match failure; nisdomainname and domainname match

[root@vuwunicobandbd1 sssd]# domainname
[root@vuwunicobandbd1 sssd]# nisdomainname
[root@vuwunicobandbd1 sssd]# getent netgroup servers

but getent fails to return as above.  This was working in August but it seems 
that on all the RHEL6 servers sudo su - no longer works.

Any ideas, please?


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

Freeipa-users mailing list
