Odd, sssd sudo up and started working properly after I added debug to the clients I was interested in. I didnt see any errors in the logs at all.
Very strange. Thanks everyone. On Thu, Jun 4, 2015 at 7:36 PM, Pavel Brezina <[email protected]> wrote: > Hi, > please put the following line to /etc/sudo.conf to obtain sudo logs and send > us the file: > Debug sudo /var/log/sudo_debug all@trace > > ----- Original Message ----- >> From: "Martin Kosek" <[email protected]> >> To: "Sina Owolabi" <[email protected]> >> Cc: "Cory Carlton" <[email protected]>, [email protected], "Pavel >> Brezina" <[email protected]>, "Jakub >> Hrozek" <[email protected]> >> Sent: Thursday, June 4, 2015 5:15:04 PM >> Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers >> in fresh IPA domain >> >> On 06/04/2015 05:13 PM, Sina Owolabi wrote: >> > Hi Martin >> > >> > I have deleted everything in /var/lib/sss/db/ and restarted sssd, >> > no luck. >> >> In that case, I am afraid you might need to enable sudo and SSSD debug >> (https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans. >> Also CCing sudo/sssd SMEs to be aware. >> >> > >> > On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <[email protected]> wrote: >> >> On 06/04/2015 05:06 PM, Cory Carlton wrote: >> >>> I would check for DNS resolution from the machine executing the sudo, to >> >>> the IPA server. >> >> >> >> I would also suggest cleaning SSSD caches, since you reinstalled against >> >> the >> >> same domain, but actually different server (/var/lib/sss/db/) >> >> >> >>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <[email protected]> >> >>> wrote: >> >>> >> >>>> Hi >> >>>> >> >>>> I recently had to remove and reinstall a fresh IPA server. I am >> >>>> currently re-enrolling all the ipa clients to the recently refreshed >> >>>> domain (same name as the previous realm and domain). The new IPA >> >>>> master is RHEL7.1 with IPA 4.1.3. >> >>>> >> >>>> All client servers are running RHEL6.6. >> >>>> >> >>>> I also have sudorule that allows a group to have access to run all >> >>>> commands on all servers: >> >>>> >> >>>> Rule name: All >> >>>> Enabled: TRUE >> >>>> Host category: all >> >>>> Command category: all >> >>>> User Groups: superusers >> >>>> Sudo Option: !authenticate >> >>>> ---------------------------- >> >>>> >> >>>> I noticed that trying to run sudo on a few of the servers makes the >> >>>> command hang indefinitely. >> >>>> I am not sure what is the cause and where to look. Please what can I >> >>>> do to troubleshoot and fix this? >> >>>> >> >>>> -- >> >>>> Manage your subscription for the Freeipa-users mailing list: >> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >> >>>> Go to http://freeipa.org for more info on the project >> >>>> >> >>> >> >>> >> >>> >> >> >> >> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
