Hi, I am having one of those really annoying pesky troubles.
I add clients to freeipa, but the first time I am logging in and trying to sudo with my freeipa credentials the sudo is not working. If I restart the SSSD process this usually fixes it, but not always. I'm going to try and do some systematic tests and collect some logs, but I thought someone might have a clue.

I noticed that when I was using "ldap_uri = _srv_" vs "ldap_uri = ldap://address" I was getting the same problem, so I am thinking it's a DNS lookup glitch?

Cheers,
Andrew

[domain/cloud.domain.de]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = cloud.domain.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test-freeipa-client-3.cloud.domain.de
chpass_provider = ipa
ipa_dyndns_update = True
#check DNS SRV record for ipa service location.
ipa_server = _srv_
ldap_tls_cacert = /etc/ipa/ca.crt
# For the SUDO integration
sudo_provider = ipa
#ldap_uri = _srv_
#ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
#ldap_sasl_mech = GSSAPI
#ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
#ldap_sasl_realm = CLOUD.DOMAIN.DE
#krb5_server = _srv_
debug_level = 9

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = cloud.domain.de
debug_level = 9

[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]