Hi, please put the following line to /etc/sudo.conf to obtain sudo logs and send us the file: Debug sudo /var/log/sudo_debug all@trace
----- Original Message ----- > From: "Martin Kosek" <mko...@redhat.com> > To: "Sina Owolabi" <notify.s...@gmail.com> > Cc: "Cory Carlton" <c...@pithoslabs.com>, freeipa-users@redhat.com, "Pavel > Brezina" <pbrez...@redhat.com>, "Jakub > Hrozek" <jhro...@redhat.com> > Sent: Thursday, June 4, 2015 5:15:04 PM > Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in > fresh IPA domain > > On 06/04/2015 05:13 PM, Sina Owolabi wrote: > > Hi Martin > > > > I have deleted everything in /var/lib/sss/db/ and restarted sssd, > > no luck. > > In that case, I am afraid you might need to enable sudo and SSSD debug > (https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans. > Also CCing sudo/sssd SMEs to be aware. > > > > > On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mko...@redhat.com> wrote: > >> On 06/04/2015 05:06 PM, Cory Carlton wrote: > >>> I would check for DNS resolution from the machine executing the sudo, to > >>> the IPA server. > >> > >> I would also suggest cleaning SSSD caches, since you reinstalled against > >> the > >> same domain, but actually different server (/var/lib/sss/db/) > >> > >>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.s...@gmail.com> > >>> wrote: > >>> > >>>> Hi > >>>> > >>>> I recently had to remove and reinstall a fresh IPA server. I am > >>>> currently re-enrolling all the ipa clients to the recently refreshed > >>>> domain (same name as the previous realm and domain). The new IPA > >>>> master is RHEL7.1 with IPA 4.1.3. > >>>> > >>>> All client servers are running RHEL6.6. > >>>> > >>>> I also have sudorule that allows a group to have access to run all > >>>> commands on all servers: > >>>> > >>>> Rule name: All > >>>> Enabled: TRUE > >>>> Host category: all > >>>> Command category: all > >>>> User Groups: superusers > >>>> Sudo Option: !authenticate > >>>> ---------------------------- > >>>> > >>>> I noticed that trying to run sudo on a few of the servers makes the > >>>> command hang indefinitely. > >>>> I am not sure what is the cause and where to look. Please what can I > >>>> do to troubleshoot and fix this? > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the project > >>>> > >>> > >>> > >>> > >> > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project