> -----Original Message-----
> From: Jakub Hrozek [mailto:jhro...@redhat.com]
> Sent: Friday, September 18, 2015 4:42 AM
> To: Andy Thompson <andy.thomp...@e-tcc.com>
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo
> 
> On Thu, Sep 17, 2015 at 11:42:54AM +0000, Andy Thompson wrote:
> > I've narrowed it down a bit doing some testing.  The sudo rules work when
> > I remove the user group restriction from them.  My sudo rules all have my ad
> > groups in the rule
> >
> >   Rule name: ad_linux_admins
> >   Enabled: TRUE
> >   Host category: all
> >   Command category: all
> >   RunAs User category: all
> >   RunAs Group category: all
> >   User Groups: ad_linux_admins  <- if I remove this then the rule gets applied
> 
> Nice catch. Is the group visible after you login and run id?

Ya the groups show up for the users using id

[athompson@mhbenp.local@mdhixuatsmtp01 ~]$ id
uid=1506401106(athompson@mhbenp.local) gid=1506401106(athompson@mhbenp.local) groups=1506401106(athompson@mhbenp.local),1249000010(ad_linux_admins),1506400512(domain admins@mhbenp.local),1506400513(domain users@mhbenp.local),1506401124(admin vpn users@mhbenp.local),1506401239(linux admins@mhbenp.local)

> 
> What is the exact IPA server version?


Installed Packages
ipa-server.x86_64    4.1.0-18.el7_1.4


thanks

-andy


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
