EL7.3
Users are in active directory via AD trust with IPA server

sudo is configured via files - users in our default "nwra" group can run
certain sudo commands, e.g.:

Cmnd_Alias WAKEUP = /sbin/ether-wake *
%nwra,%visitor,%ivm   ALL=NOPASSWD: WAKEUP

However, sometimes when I run sudo /sbin/ether-wake I get prompted for my
password.  Other times it works fine.  I've attached some logs from failed
attempt.

In particular, these entries:

-barry.cora.DNSDOMAIN sssd_be[701]: Got request with the following data
-barry.cora.DNSDOMAIN sssd_be[701]: command: SSS_PAM_PREAUTH
-barry.cora.DNSDOMAIN sssd_be[701]: domain: ad.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: user: USER@ad.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: service: sudo
-barry.cora.DNSDOMAIN sssd_be[701]: tty: /dev/pts/0
-barry.cora.DNSDOMAIN sssd_be[701]: ruser: USER
-barry.cora.DNSDOMAIN sssd_be[701]: rhost:
-barry.cora.DNSDOMAIN sssd_be[701]: authtok type: 0
-barry.cora.DNSDOMAIN sssd_be[701]: newauthtok type: 0
-barry.cora.DNSDOMAIN sssd_be[701]: priv: 0
-barry.cora.DNSDOMAIN sssd_be[701]: cli_pid: 2860
-barry.cora.DNSDOMAIN sssd_be[701]: logon name: not set
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN krb5_child[2869]: cmd [249] uid [22603] gid [22603]
validate [true] enterprise principal [false] offline [false] UPN
[u...@ad.nwra.com]
-barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_FAST_PRINCIPAL is set to
[host/barry.cora.dnsdom...@nwra.com]
-barry.cora.DNSDOMAIN krb5_child[2869]: FAST TGT is still valid.
-barry.cora.DNSDOMAIN krb5_child[2869]: Trying to become user [22603][22603].
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_LIFETIME] from
environment.
-barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_CANONICALIZE is set to [true]
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot handle password prompts.
-barry.cora.DNSDOMAIN krb5_child[2869]: Received error code 0
-barry.cora.DNSDOMAIN sssd_be[701]: child [2869] finished successfully.
-barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server
'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: connection is about to expire, releasing it
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN ldap_child[2889]: Will run as [0][0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Trying to become user [0][0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Already user [0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Principal name is:
[host/barry.cora.dnsdom...@nwra.com]
-barry.cora.DNSDOMAIN ldap_child[2889]: Using keytab [MEMORY:/etc/krb5.keytab]
-barry.cora.DNSDOMAIN ldap_child[2889]: Will canonicalize principals
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: expire timeout is 900
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: Executing sasl bind mech: GSSAPI, user:
host/barry.cora.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 2
-barry.cora.DNSDOMAIN sssd_be[701]: child [2889] finished successfully.
-barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server
'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: No host groups were dereferenced
-barry.cora.DNSDOMAIN sssd_be[701]: Received 0 additional command groups
-barry.cora.DNSDOMAIN sssd_be[701]: Received 0 sudo rules
-barry.cora.DNSDOMAIN sssd_be[701]: SUDO higher USN value: [1]
-barry.cora.DNSDOMAIN sudo[2860]:    USER : command not allowed ; TTY=pts/0 ;
PWD=/export/home/USER/fedora/fail2ban ; USER=root ; COMMAND=/sbin/ether-wake
-i eth0 00:25:64:e0:05:fa

seem to appear in the failed attempt but not a successful one.

-- 
Orion Poplawski
Technical Manager                          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Received client version [1].
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Offered version [1].
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: name 'USER' matched without domain, user is USER
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Requesting info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Cannot find info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null).
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed.
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed.
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Requesting info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(dataExpireTimestamp<=1485548743)(|(name=defaults)(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)(sudoUser=+*)))]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(name=defaults))]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Received client version [1].
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Offered version [1].
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'root' matched without domain, user is root
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [root] from [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'nwra' matched without domain, user is nwra
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra] from [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=nwra@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'ivm' matched without domain, user is ivm
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm] from [ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm@ad.DNSDOMAIN]
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=ivm@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null).
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: name 'visitor' matched without domain, user is visitor
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor] from [ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=visitor@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null).
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: name 'USER' matched without domain, user is USER
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: using default domain [ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Requesting info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Cannot find info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null).
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Requesting info for [USER@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(dataExpireTimestamp<=1485548744)(|(name=defaults)(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)(sudoUser=+*)))]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)))]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(sudoUser=+*)(!(|(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN))))]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN]
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null).
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request with the following data
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: command: SSS_PAM_PREAUTH
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: domain: ad.DNSDOMAIN
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: user: USER@ad.DNSDOMAIN
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: service: sudo
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: tty: /dev/pts/0
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ruser: USER
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: rhost: 
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: authtok type: 0
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: newauthtok type: 0
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: priv: 0
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: cli_pid: 2860
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: logon name: not set
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: cmd [249] uid [22603] gid [22603] validate [true] enterprise principal [false] offline [false] UPN [u...@ad.nwra.com]
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_FAST_PRINCIPAL is set to [host/barry.cora.dnsdom...@nwra.com]
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: FAST TGT is still valid.
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Trying to become user [22603][22603].
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_LIFETIME] from environment.
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_CANONICALIZE is set to [true]
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot handle password prompts.
Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Received error code 0
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: child [2869] finished successfully.
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working'
Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
Jan 27 13:25:45 barry.cora.DNSDOMAIN sssd_be[701]: connection is about to expire, releasing it
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Will run as [0][0].
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Trying to become user [0][0].
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Already user [0].
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Principal name is: [host/barry.cora.dnsdom...@nwra.com]
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Using keytab [MEMORY:/etc/krb5.keytab]
Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Will canonicalize principals
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: expire timeout is 900
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Executing sasl bind mech: GSSAPI, user: host/barry.cora.DNSDOMAIN
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 2
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: child [2889] finished successfully.
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working'
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: No host groups were dereferenced
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Received 0 additional command groups
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Received 0 sudo rules
Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: SUDO higher USN value: [1]
Jan 27 13:25:54 barry.cora.DNSDOMAIN sudo[2860]:    USER : command not allowed ; TTY=pts/0 ; PWD=/export/home/USER/fedora/fail2ban ; USER=root ; COMMAND=/sbin/ether-wake -i eth0 00:25:64:e0:05:fa
Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Terminating request info for all accounts
Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Terminating request info for all groups
Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Client disconnected!
Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_sudo[772]: Client disconnected!
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to