Thanks Jakub/Lukas,

Setting the right cache timeout fix the issue. "man sssd-sudo" really
helped us. Thanks again for the suggestion.



*Best Regards,*

*__________________________________________*

*Yogesh Sharma*
*Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in
<http://www.initd.in/> *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

<https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>

On Wed, Aug 12, 2015 at 11:22 AM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:

> On (11/08/15 20:53), Jakub Hrozek wrote:
> >On Tue, Aug 11, 2015 at 09:29:46PM +0530, Yogesh Sharma wrote:
> >> Yes Jakub...That was the issue. We have fixed it and update to List.
> >>
> >> Thanks Jakub.
> >>
> >> Would like to have one suggestion.
> >>
> >> We have implemented sudo, but every time we need to restart sssd to take
> >> the changes. We have try implementing the cache timeout also, but not
> >> working as expected.
> >>
> >> Any other config changes required?
> >
> >No, this is not expected. Can you get logs after you've added the sudo
> >rule but before the client is restarted in order to capture the issue?
> >It would be best to add debug_level=7 to sudo, nss and domain sections.
> >
> I thought it is an side effect of sudo rule caching mechanism
> and periodic tasks. So it might be an expected behaviour.
>
> Periodic task are fired few seconds after start of sssd.
> It might explain why restarting sssd works.
>
> @see more details in man sssd-sudo -> "THE SUDO RULE CACHING MECHANISM"
>
> LS
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to