Ok I've got a strange one going on.  I just updated several machines to RHEL 
6.7 and seem to have broken my sudo rules.  I've tracked the problem down to 
having

default_domain_suffix = ad.domain

in the sssd.conf.  If I remove that I can log in using the fqn from AD and sudo 
rules are applied as configured.  However I don't want to force my users to 
change to using their fqn to log in, and due to having db2 in the environment 
our usernames are limited to 8 characters so we cannot use the fqn regardless.

I tested adding a local sudo rule for %ad_domain_group@ipa.domain and it 
worked, but any IPA rules are not working.

Update installed sssd-1.12.4-47.el6.x86_64

-andy


