Thank you so much Rob !
It works juste fine :)


Le 13 août 2013 à 14:42, Rob Crittenden <> a écrit :

> Alexandre Ellert wrote:
>> Hi,
>> I'm trying to get working a sudo rule for a group of user, basically if want 
>> to allow all the developers (dev-users) to become root on developers servers 
>> (dev-servers).
>> When this rule is applied to a single host or all hosts or severals named 
>> host, it works fine : dev-users can sudo without prompting for a password (I 
>> have sudo option !authenticate)
>> But if I apply the rule to the dev-servers group, it doesn't work : when a 
>> member of dev-users try to sudo, it prompt for a password and even the 
>> password is correct, password is asked again.
>> I use ipa-server-3.0.0-26.el6_4.4 and RHEL 6 and a custom Debian package for 
>> clients (based on freeipa 3.0.2).
>> I checked /etc/sudo-ldap.conf, /etc/nsswitch.conf and /etc/rc.local on 
>> clients and everything seems correct.
>> Do i missed something ?
>> Thanks for your help.
> hostgroups are visible as netgroups on client machines, so you need a working 
> netgroups configuration. You should have sss as a provider for netgroup in 
> /etc/nsswitch.conf and you need to set the NIS domain name via nisdomainname 
> (to match your domain name).
> You can test fetching a hostgroup as a netgroup with: getent netgroup 
> dev-users. It should look something like:
> dev-users             (,-, 
> (,-,
> rob

Freeipa-users mailing list

Reply via email to