On (14/07/16 12:43), Tomas Simecek wrote: >Thanks Lukas, >to be honest I am not sure what do you mean by "Please test with id >[email protected]." >It is the user I am testing with all the time. > >Here is what I see on client where sudo does not work: >[[email protected]@zp-cml-test ~]$ id >uid=988604700([email protected]) gid=988604700([email protected]) >groups=988604700([email protected]),431200004(grpunixadmins),988600513(domain >[email protected]),988604182([email protected]),988604754([email protected] >),988604825([email protected]),988604833([email protected]) > hmm, the user is member of grpunixadmins. Then I wonder why sssd could not find a sudo rules for the user.
I would like to see full log file + dump of sssd cache. Please: * clean cache and log files on client rm -f /var/lib/sss/db/* /var/log/sssd/* * enable debug_level=9 in domain section and sudo * restart sssd * authernticate with [email protected] * try sudo. * send all sssd log files * provide dump of sssd cache ldbsearch -H /var/lib/sss/db/cache_$domain.ldb (utility ldbsearch is part of package ldb-tools LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
