Hi, I set up a sudo config on the IPA client and set a rule on the IPA server. Sudo rules from IPA are not found: it returns 0 rules for the user.
This config is ambiguous. Is there a method to check if everything is OK? The best way at the moment is to set debug_level on sssd, but I'm not sure that the problem comes from there.

(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1cba830 "ltdb_callback"
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=my_user)(sudoUser=#1600001)(sudoUser=%utilisateur_a)(sudoUser=%adupont)(sudoUser=+*)))]
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1cb9000
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1cb9240
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1cb9240 "ltdb_timeout"
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1cb9000 "ltdb_callback"
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [my_user@my_domain.com]
(Fri Mar 27 14:12:36 2015) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1cb30e0][18]

My client config:

[domain/my_domain.com]
debug_level = 6
cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = MY_IDMDOMAIN.COM
ipa_domain = my_domain.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = myserver.my_domain.com
chpass_provider = ipa
ipa_server = _srv_, idm.my_domain.com
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = addcnet.com

[nss]

[pam]

[sudo]
debug_level = 9

[autofs]

[ssh]

[pac]

----
Server: Red Hat Linux 6.4
