HI, thanks for your information. I have validated logs.
i destroyed the current kerberos ticket and re-initiated, then the issue solved. Regards, Ben On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek <[email protected]> wrote: > On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote: > > Hi List, > > > > please help me to implement sudo rules. > > > > i have did below steps and still not working for me. > > > > 1. created "Sudo Command Groups" > > 2. Added some command (/bin/yum) and included in sudo group > > 3. created "sudo Rule" on that > > * added sudo Option as "!authenticate" > > * Added User Group. > > * Added one Host > > * And under Run command, selected the Sudo Rule Group. > > 4. entry on nsswitch.conf : sudoers: files sss > > 5. entry on sssd.conf : services = nss, sudo, pam, ssh > > > > and i tried removing "!authenticate" and changed to Anyone, Any Host and > Any > > Command, > > Also under As Whom to Anyone and Any Group > > - I tried logout and login again on client with IPA user which is member > of > > user group. > > > > When i am running yum, getting error that user is not allowed to execute > > command. > > > > > > Please anyone help to correct my steps. > > > > Regards > > Ben > > Please follow: > https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO > especially the sudo logs are often helpful to see what rules is sssd > returning to sudo. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
