On (17/04/15 11:32), Andrew Sacamano wrote:
>I've spent a couple of days digging around the web, watching logs, and
>poking things, and I'm stuck getting sudo working with IPA on a new box
>I've just set up. I have had it working in the past on a test box, but
>something about this box is blocking me, and I can't for the life of me
>figure out what.
>The basic symptom is that I can log into the Ubuntu box as an IPA user, but
>sudo is always denied:
>[root@security-core-1 log]# ssh dru@jenkins
>Could not chdir to home directory /home/dru: No such file or directory
>dru@jenkins:/$ sudo -l
>[sudo] password for dru:
>Sorry, user dru may not run sudo on jenkins.
>I've appended version output, config files, sample logs, and ipa config -
>which I think is all of the relevant material, but I'll gladly share more
>if it's needed.
>Thanks so much in advance for any debugging advice, hints, or help!
I looked at the configuration files and they look good.
I have a few hints which might help you with troubleshooting:
* please ensure you have installed package sudo and not sudo-ldap.
The second one is not built with sssd support.
* please read about sudo caching in sssd
man sssd-sudo -> THE SUDO RULE CACHING MECHANISM
* please test simple sudo rules first.
(all hosts, one user instead of groups, ...)
* check whether sudo rules are cached by sssd (use ldb-tools)
If the previous hints do not help, then you need to enable
debugging in sudo and analyse the log file.
@see slide 18 in presentation