Bret Wortman wrote:
On some of my nodes, attempting to sudo yields this:

$ sudo su -
sudo: ldap_start_tls_s(): Connect error
[sudo] password for bretw:

When the policy for my account is set up for !authenticate on all systems.

On my own workstation, and most of our systems, it works just fine. But
on a few, this is happening. What's the best way to start debugging
this? I'm not looking for someone to do the work for me, but some
pointers to the right logfiles or extra flags would be helpful.

Add 'sudoers_debug: 2' to the sudo ldap configuration file.

Check the DS access log on the IPA server this connects to for SSL errors.

You should have these set:

ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
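
A way to compare a failing node against a working one for the three settings above, as an added example that is not part of the original thread. The config file path is passed as an argument because the thread does not name it, the function names are hypothetical, and treating on/true as equivalent to yes follows sudoers.ldap(5).

```shell
#!/bin/sh
# Added example: audit a sudo LDAP client config for the StartTLS settings
# listed in the reply. Usage after sourcing: check_sudo_ldap_tls <config file>

# Print the value of the last occurrence of a keyword (keywords are matched
# case-insensitively), skipping comment and blank lines.
conf_get() {  # conf_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one FAIL line per deviation. Returns 0 if all three settings are in
# place, 1 if any deviates, 2 if the config file itself cannot be read.
check_sudo_ldap_tls() {  # check_sudo_ldap_tls FILE
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }

    v=$(conf_get "$conf" ssl)
    [ "$v" = "start_tls" ] ||
        { echo "FAIL ssl is '${v:-unset}', expected start_tls"; rc=1; }

    v=$(conf_get "$conf" tls_checkpeer)
    case "$v" in
        yes|on|true) ;;
        *) echo "FAIL tls_checkpeer is '${v:-unset}', expected yes"; rc=1 ;;
    esac

    # A CA path that is set but missing or unreadable on this node means the
    # server certificate cannot be verified during StartTLS.
    v=$(conf_get "$conf" tls_cacertfile)
    if [ -z "$v" ]; then
        echo "FAIL tls_cacertfile is unset"; rc=1
    elif [ ! -r "$v" ]; then
        echo "FAIL tls_cacertfile $v is missing or unreadable"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK $conf"
    return "$rc"
}
```

Running it on both a working and a failing node shows which of the three settings differs between them.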


Freeipa-users mailing list
