HI,

thanks for your information. I have validated logs.

i destroyed the current kerberos ticket and re-initiated, then the issue
solved.

Regards,
Ben

On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > please help me to implement sudo rules.
> >
> > i have did below steps and still not working for me.
> >
> > 1. created "Sudo Command Groups"
> > 2. Added some command (/bin/yum) and included in sudo group
> > 3. created "sudo Rule" on that
> >     * added sudo Option as "!authenticate"
> >       * Added User Group.
> >       * Added one Host
> >       * And under Run command, selected the Sudo Rule Group.
> > 4. entry on nsswitch.conf : sudoers: files sss
> > 5. entry on sssd.conf : services = nss, sudo, pam, ssh
> >
> > and i tried removing "!authenticate" and changed to Anyone, Any Host and
> Any
> > Command,
> > Also under As Whom to Anyone and Any Group
> > - I tried logout and login again on client with IPA user which is member
> of
> > user group.
> >
> > When i am running yum, getting error that user is not allowed to execute
> > command.
> >
> >
> > Please anyone help to correct my steps.
> >
> > Regards
> > Ben
>
> Please follow:
>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
> especially the sudo logs are often helpful to see what rules is sssd
> returning to sudo.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to