> What command did you use to get sudo options working please? 
> 
> I noticed from below mail that you have‎ 
> Sudo Option: !authenticate
> 
> I am having trouble getting that working
The first issue is what version of FreeIPA you are using. Before version 4 sudo 
rules don't work without some manual setup on the client:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-sudo-clients.html#example-configuring-sudo-sss
 .

If the client is setup correctly, then I found issues with sssd caching, and in 
particular the sss_cache command doesn't invalidate the cache of sudo rules 
yet. Once I reduced the default cache time for sssd I could see my sudo rule 
changes working on the client.
I also had a problem with using host groups as part of the sudo rule, and this 
was down to the netgroup seen by the client having fully-qualified host names, 
while the hostname command on the client was only returning the short hostname 
- but this was down to the way OpenStack creates instances by default, not an 
issue with FreeIPA per se.

Chris                                     
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to