On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote: > Hello! > > I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after applied > some rules to specified user? > > [root@ipa ~]# ipa sudorule-show > Rule name: wheel > Rule name: Wheel > Enabled: TRUE > Host category: all > Command category: all > RunAs User category: all > RunAs Group category: all > Sudo order: 1 > Users: dewangga > User Groups: wheel > Sudo Option: !authenticate > > > On ipa-client, user `dewangga` asking for password when execute command > `sudo -l` > > [dewangga@sherief-repository ~]$ sudo -l > [sudo] password for dewangga: > > Here is `ipa user-show dewangga` result : > > $ ipa user-show dewangga > User login: dewangga > First name: Dewangga > Last name: Alam > Home directory: /home/dewangga > Login shell: /bin/bash > Email address: [removed] > UID: 642000001 > GID: 642000001 > Account disabled: False > Password: False > Member of groups: wheel > Member of Sudo rule: Wheel > Kerberos keys available: False > SSH public key fingerprint: [removed] mahaesa-key (ssh-rsa) > > Any helps are appreciated. > Thanks
I suspect that SSSD cache is in play. You can try to remove it ("man sss_cache" or remove it manually "stop sssd, remove /var/lib/sss/db/* and start sssd again"). -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project