Ok I've got a strange one going on. I just updated several machines to RHEL
6.7 and seem to have broken my sudo rules. I've tracked the problem down to
Default_domain_suffix = ad.domain
In the sssd.conf. If I remove that I can login using the fqn from AD and sudo
rules are applied as configured. However I don't want to force my users to
change to using their fqn to login, and due to having db2 in the environment
our usernames are limited to 8 characters so we cannot use the fqn regardless.
I testing adding a local sudo rule for %firstname.lastname@example.org and it
worked, but any IPA rules are not working.
Update installed sssd-1.12.4-47.el6.x86_64
*** This communication may contain privileged and/or confidential information.
It is intended solely for the use of the addressee. If you are not the intended
recipient, you are strictly prohibited from disclosing, copying, distributing
or using any of this information. If you received this communication in error,
please contact the sender immediately and destroy the material in its entirety,
whether electronic or hard copy. ***
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project