On Mon, Aug 25, 2014 at 12:12:26PM +0200, Dmitri Pal wrote:
> On 08/25/2014 12:01 PM, alireza baghery wrote:
> >hi
> >i integrated AD windows 208 R2 with IPA server (centos 6.5)
> >i write a sudo policy and access for specified user and host with allow
> >any command.
> >user can execute sudo in centos 7 but when user loggin on centos 6.5 can
> >not execute sudo and get error below
> >user@AD is not in sudoers file.
> >i configure /etc/nsswitch.conf --sudoers: file sss
> >/etc/sss/sss.conf----service nss, pam,ssh,sudo
> >/etc/sysconfig/network ----- NISDOMAIN=ad.com <http://ad.com>
> >
> >
> >
> 
> AFAIR there was a bug in 6.5 around sudo and AD users, it has been fixed in
> fedora but I am not sure it made its way into all distros yet.

Yes, it would be best if you could run both sudo and with more debugging
enabled.

For sudo logs, something like:
               Debug sudo /tmp/sudo_debug all@debug
Should produce pretty verbose logs

SSSD debug_level should be enabled in [sudo] and [domain] sections.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to