It seems sudo su - for admins nolonger works

=====
[jonesst1@8kxl72s ~]$ ssh vuwunicobandbd1.ods.vuw.ac.nz 
jones...@vuwunicobandbd1.ods.vuw.ac.nz's password: Last login: Thu Feb 28 
11:33:11 2013 from 130.195.245.249 Kickstarted on 2012-07-27 ORACLE_BASE 
environment variable is not being set since this information is not available 
for the current user ID jonesst1. You can set ORACLE_BASE manually if it is 
required. Running /apps/sct/banner8/admin/banenv... [jonesst1@vuwunicobandbd1 
~]$ sudo su - LDAP Config Summary =================== uri 
ldap://vuwunicoipam001.ods.vuw.ac.nz ldap_version 3 sudoers_base 
ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz binddn 
uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz bindpw www.apac.c0m 
bind_timelimit 5000000 ssl start_tls tls_checkpeer (no) tls_cacertfile 
/etc/ipa/ca.crt =================== sudo: ldap_set_option: debug -> 0 sudo: 
ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option: tls_cacertfile -> 
/etc/ipa/ca.crt sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt sudo: 
ldap_initialize(ld, ldap://vuwunicoipam001.ods.vuw.ac.nz) sudo: 
ldap_set_option: ldap_version -> 3 sudo: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5000) sudo: ldap_start_tls_s() ok 
sudo: ldap_sasl_bind_s() ok sudo: no default options found in 
ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz sudo: ldap search 
'(|(sudoUser=jonesst1)(sudoUser=%jonesst1)(sudoUser=%svnuser)(sudoUser=%ipausers)(sudoUser=%desktop-admins-test)(sudoUser=%steven-desktop)(sudoUser=%its-ops-servers)(sudoUser=%its-research-users-servers)(sudoUser=ALL))'
 sudo: found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz sudo: ldap 
sudoHost 'vuwunicosas0002.ods.vuw.ac.nz' ... not sudo: 
found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz sudo: ldap 
sudoHost '+servers' ... not sudo: ldap search 'sudoUser=+*' sudo: 
user_matches=1 sudo: host_matches=0 sudo: sudo_ldap_lookup(0)=0x40 [sudo] 
password for jonesst1:
=====

I get a host match failure, nisdomainname and domainname match

========
[root@vuwunicobandbd1 sssd]# domainname
ods.vuw.ac.nz
[root@vuwunicobandbd1 sssd]# nisdomainname
ods.vuw.ac.nz
[root@vuwunicobandbd1 sssd]# getent netgroup servers
servers
=======

but getent fails to return as above.  This was working in August but it seems 
that on all the RHEL6 servers sudo su - no longer works.

any ideas please?


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to