On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after applied
> some rules to specified user?
>
> [root@ipa ~]# ipa sudorule-show
> Rule name: wheel
> Rule name: Wheel
> Enabled: TRUE
> Host category: all
> Command category: all
> RunAs User category: all
> RunAs Group category: all
> Sudo order: 1
> Users: dewangga
> User Groups: wheel
> Sudo Option: !authenticate
>
>
> On ipa-client, user `dewangga` asking for password when execute command
> `sudo -l`
>
> [dewangga@sherief-repository ~]$ sudo -l
> [sudo] password for dewangga:
>
> Here is `ipa user-show dewangga` result :
>
> $ ipa user-show dewangga
> User login: dewangga
> First name: Dewangga
> Last name: Alam
> Home directory: /home/dewangga
> Login shell: /bin/bash
> Email address: [removed]
> UID: 642000001
> GID: 642000001
> Account disabled: False
> Password: False
> Member of groups: wheel
> Member of Sudo rule: Wheel
> Kerberos keys available: False
> SSH public key fingerprint: [removed] mahaesa-key (ssh-rsa)
>
> Any helps are appreciated.
> Thanks
I suspect that SSSD cache is in play. You can try to remove it ("man sss_cache"
or remove it manually "stop sssd, remove /var/lib/sss/db/* and start sssd
again").
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
