I have followed troubleshooting procedure outlined hereTroubleshooting - FreeIPA

  
|  
|   
|   
|   |    |

   |

  |
|  
|   |  
Troubleshooting - FreeIPA
   |   |

  |

  |

 
Additionally I have done contrast and compare with a working server for the 
following 
files/etc/hosts/etc/resolv.conf/etc/sudo-ldap.conf/etc/krb5.conf/etc/sssd.conf/etc/nssswitch.conf
all are identical other than host specific information.
In addition I have also enabled debug_level in sssd.conf in all stanzas, but 
noticed that sudo log is not being generated.I can however provide other logs.
I have also enabled sudo_debug=2 in /etc/sudo-ldap.confbut not sure where to 
look for that log file.
A and PTR records exist for problematic servers in FreeIPA DNS.
As mentioned above the user-id can  ssh just fine but not sudo for any command 
even though that id should be able to do ANY ANY.
I have checked the the user-id is in the correct sudo groups that are applied 
for the host-groups for broken servers.
To add to the oddity we somehow managed to fix the problem on several servers 
but as it was a lot blind trial and error we are not surewhat the corrective 
steps actually were. 
Please let me know what else I can/should take a look at. I can also provide 
logs if needed.
thanks
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to