Ok I've got a strange one going on.  I just updated several machines to RHEL 
6.7 and seem to have broken my sudo rules.  I've tracked the problem down to 

Default_domain_suffix = ad.domain

In the sssd.conf.  If I remove that I can login using the fqn from AD and sudo 
rules are applied as configured.  However I don't want to force my users to 
change to using their fqn to login, and due to having db2 in the environment 
our usernames are limited to 8 characters so we cannot use the fqn regardless.

I testing adding a local sudo rule for %ad_domain_group@ipa.domain and it 
worked, but any IPA rules are not working.

Update installed sssd-1.12.4-47.el6.x86_64


*** This communication may contain privileged and/or confidential information. 
It is intended solely for the use of the addressee. If you are not the intended 
recipient, you are strictly prohibited from disclosing, copying, distributing 
or using any of this information. If you received this communication in error, 
please contact the sender immediately and destroy the material in its entirety, 
whether electronic or hard copy. ***

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to