We are seeing the same problem (correct group membership; matching HBAC
rules retrieved by sssd and rejected by sudo) on a new Ubuntu 16.04
client joining a realm of existing (and working) Ubuntu 15.10 hosts,
despite identical "/etc/sssd/sssd.conf" files.

Master:

    root@hades:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=15.10
    DISTRIB_CODENAME=wily
    DISTRIB_DESCRIPTION="Ubuntu 15.10"
    root@hades:~# ipa --version
    VERSION: 4.1.4, API_VERSION: 2.114


Existing (working) client:

    root@orange1:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=15.10
    DISTRIB_CODENAME=wily
    DISTRIB_DESCRIPTION="Ubuntu 15.10"
    root@orange1:~# ipa-client-install --version
    4.1.4
    root@orange1:~# sssd --version
    1.12.5


New (broken) client:

    root@orange4:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=16.04
    DISTRIB_CODENAME=xenial
    DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
    root@orange4:~# ipa-client-install --version
    4.3.1
    root@orange4:~# sssd --version
    1.13.4


I too would be grateful for any advice.  The relevant parts of our logs
corroborate what John has reported in this thread, but I can provide
excerpts if that would be helpful.


    --- Cory.


-- 
Cory Myers
Systems Engineer
Trinity Mobile Networks

Attachment: pgpX5YwGdSuZp.pgp
Description: PGP signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to