Thanks Jakub/Lukas, Setting the right cache timeout fix the issue. "man sssd-sudo" really helped us. Thanks again for the suggestion.
*Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in/> * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> <https://twitter.com/checkwithyogesh> <http://google.com/+YogeshSharmaOnGooglePlus> On Wed, Aug 12, 2015 at 11:22 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote: > On (11/08/15 20:53), Jakub Hrozek wrote: > >On Tue, Aug 11, 2015 at 09:29:46PM +0530, Yogesh Sharma wrote: > >> Yes Jakub...That was the issue. We have fixed it and update to List. > >> > >> Thanks Jakub. > >> > >> Would like to have one suggestion. > >> > >> We have implemented sudo, but every time we need to restart sssd to take > >> the changes. We have try implementing the cache timeout also, but not > >> working as expected. > >> > >> Any other config changes required? > > > >No, this is not expected. Can you get logs after you've added the sudo > >rule but before the client is restarted in order to capture the issue? > >It would be best to add debug_level=7 to sudo, nss and domain sections. > > > I thought it is an side effect of sudo rule caching mechanism > and periodic tasks. So it might be an expected behaviour. > > Periodic task are fired few seconds after start of sssd. > It might explain why restarting sssd works. > > @see more details in man sssd-sudo -> "THE SUDO RULE CACHING MECHANISM" > > LS >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project