On Mon, Aug 25, 2014 at 12:12:26PM +0200, Dmitri Pal wrote:
> On 08/25/2014 12:01 PM, alireza baghery wrote:
> >i integrated AD windows 208 R2 with IPA server (centos 6.5)
> >i write a sudo policy and access for specified user and host with allow
> >any command.
> >user can execute sudo in centos 7 but when user loggin on centos 6.5 can
> >not execute sudo and get error below
> >user@AD is not in sudoers file.
> >i configure /etc/nsswitch.conf --sudoers: file sss
> >/etc/sss/sss.conf----service nss, pam,ssh,sudo
> >/etc/sysconfig/network ----- NISDOMAIN=ad.com <http://ad.com>
> AFAIR there was a bug in 6.5 around sudo and AD users, it has been fixed in
> fedora but I am not sure it made its way into all distros yet.
Yes, it would be best if you could run both sudo and with more debugging
For sudo logs, something like:
Debug sudo /tmp/sudo_debug all@debug
Should produce pretty verbose logs
SSSD debug_level should be enabled in [sudo] and [domain] sections.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project