hi,

I setup a sudo config in client ipa and set rule in ipa server.
sudo rules from ipa are not found : it return 0 rules for the user

This config is ambiguous. Is there a method to check if everything is OK ?
The best way for this moment is to set debug_level on sssd. But I'm not
sure that the problem come from there.


(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1cba830 "ltdb_callback"

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=my_user)(sudoUser=#1600001)(sudoUser=%utilisateur_a)(sudoUser=%adupont)(sudoUser=+*)))]
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1cb9000

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1cb9240

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1cb9240 "ltdb_timeout"

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1cb9000 "ltdb_callback"

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [my_user@my_domain.com]
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1cb30e0][18]


My client config :
[domain/my_domain.com]
debug_level = 6
cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = MY_IDMDOMAIN.COM
ipa_domain = my_domain.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = myserver.my_domain.com
chpass_provider = ipa
ipa_server = _srv_, idm.my_domain.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = addcnet.com
[nss]

[pam]

[sudo]
debug_level = 9

[autofs]

[ssh]

[pac]

----
server redhat : LINUX 6.4
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to