On (19/09/16 16:43), Lachlan Musicman wrote: >I must have made an error again: > >- ipa hbactest gives seemingly correct answer on both server and client >- user can't actually use sudo on client? > >Centos 7, freeipa 4.2.o/2.156; sssd 1.14.1 from COPR > >>From the server: > >[root@vmdv-linuxidm1 ~]# ipa hbactest [email protected] >--host=vmts-linuxclient1.unixdev.petermac.org.au --service=sudo >-------------------- >Access granted: True >-------------------- > Matched rules: Cluster Admin Users (sudo) > Not matched rules: Cluster Users >[root@vmdv-linuxidm1 ~]# > > >>From the host in question: > >[root@vmts-linuxclient1 ~]# ipa hbactest --user [email protected] >--host `hostname` --service sudo >-------------------- >Access granted: True >-------------------- > Matched rules: Cluster Admin Users (sudo) > Not matched rules: Cluster Users >[root@vmts-linuxclient1 ~]# > > >[[email protected]@vmts-linuxclient1 ~]$ sudo reboot >[sudo] password for [email protected]: >[email protected] is not allowed to run sudo on vmts-linuxclient1. >This incident will be reported. > Did you configure sudo rules for such user? What is an output of "sudo -l"
LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
