On 06/05/2015 03:14 PM, Sina Owolabi wrote:
Odd, sssd sudo up and started working properly after I added debug to
the clients I was interested in.
I didnt see any errors in the logs at all.


This may indicate a race condition. Does it hang up again if you disable debugging?


Very strange. Thanks everyone.

On Thu, Jun 4, 2015 at 7:36 PM, Pavel Brezina <pbrez...@redhat.com> wrote:
Hi,
please put the following line to /etc/sudo.conf to obtain sudo logs and send us 
the file:
Debug sudo /var/log/sudo_debug all@trace

----- Original Message -----
From: "Martin Kosek" <mko...@redhat.com>
To: "Sina Owolabi" <notify.s...@gmail.com>
Cc: "Cory Carlton" <c...@pithoslabs.com>, freeipa-users@redhat.com, "Pavel Brezina" 
<pbrez...@redhat.com>, "Jakub
Hrozek" <jhro...@redhat.com>
Sent: Thursday, June 4, 2015 5:15:04 PM
Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in 
fresh IPA domain

On 06/04/2015 05:13 PM, Sina Owolabi wrote:
Hi Martin

I have deleted everything in /var/lib/sss/db/ and restarted sssd,
no luck.

In that case, I am afraid you might need to enable sudo and SSSD debug
(https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans.
Also CCing sudo/sssd SMEs to be aware.


On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mko...@redhat.com> wrote:
On 06/04/2015 05:06 PM, Cory Carlton wrote:
I would check for DNS resolution from the machine executing the sudo, to
the IPA server.

I would also suggest cleaning SSSD caches, since you reinstalled against
the
same domain, but actually different server (/var/lib/sss/db/)

On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.s...@gmail.com>
wrote:

Hi

I recently had to remove and reinstall a fresh IPA server. I am
currently re-enrolling all the ipa clients to the recently refreshed
domain (same name as the previous realm and domain). The new IPA
master is RHEL7.1 with IPA 4.1.3.

All client servers are running RHEL6.6.

I also have sudorule that allows a group to have access to run all
commands on all servers:

   Rule name: All
   Enabled: TRUE
   Host category: all
   Command category: all
   User Groups: superusers
   Sudo Option: !authenticate
----------------------------

I noticed that trying to run sudo on a few of the servers makes the
command hang indefinitely.
I am not sure what is the cause and where to look. Please what can I
do to troubleshoot and fix this?

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project








--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to