On Tue, 10 Apr 2007, Nalin Dahyabhai wrote:
> On Tue, Apr 10, 2007 at 10:32:18AM -0500, Chris St. Pierre wrote:
>> We discovered on RHEL4 that sudo didn't quite handle LDAP (or other, I
>> suppose) groups properly. In order for sudo to use LDAP groups for
>> access control, we had to specify group lookups thusly in
>> nsswitch.conf:
>>
>>     group: ldap files
>>
>> The other way around ("files ldap"), while the default from
>> authconfig, did not work with sudo. (To wit, sudo complained that the
>> user attempting to sudo was not found in sudoers -- even though
>> 'groups username' clearly showed they were in the correct group.)
>
> Do you have groups with the same name defined in both /etc/group and the
> directory server? That would cause this sort of behavior.

Somewhat embarrassingly, yes, that was exactly the problem. Thanks.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list
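
The overlap diagnosed in the thread (a group name defined in both /etc/group and the directory, so that with "files ldap" a lookup by name is answered from /etc/group first) can be checked for directly. The script below is an added example, not part of the original thread: the function name `dup_groups`, the sample groups and the users are constructed, and the live-host commands in the closing comment assume a getent that accepts -s and a directory that permits enumeration.

```sh
#!/bin/sh
# Added example, not from the thread: list group names that exist in both
# the local group file and the directory, i.e. the overlap diagnosed above.

# dup_groups FILES_DB LDAP_DB
#   Both arguments are files in group(5) format: name:passwd:gid:members
#   Output, one line per name found in both:
#     name files_gid=N ldap_gid=N only_in_ldap=<members missing locally, or ->
dup_groups() {
    awk -F: '
        FILENAME == ARGV[1] { fgid[$1] = $3; fmem[$1] = $4; next }
        ($1 in fgid) {
            missing = ""
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && index("," fmem[$1] ",", "," m[i] ",") == 0)
                    missing = (missing == "" ? m[i] : missing "," m[i])
            printf "%s files_gid=%s ldap_gid=%s only_in_ldap=%s\n",
                   $1, fgid[$1], $3, (missing == "" ? "-" : missing)
        }
    ' "$1" "$2"
}

# Constructed sample data (hypothetical groups and users).
tmp=$(mktemp -d)
cat > "$tmp/files" <<'EOF'
root:x:0:
wheel:x:10:root
sysadmin:x:500:
EOF
cat > "$tmp/ldap" <<'EOF'
sysadmin:*:500:alice,bob
wheel:*:10:root,alice
staff:*:2000:bob
EOF
dup_groups "$tmp/files" "$tmp/ldap"
rm -rf "$tmp"

# On a live host (assumes getent supports -s and the directory allows enumeration):
#   getent -s files group > /tmp/g.files; getent -s ldap group > /tmp/g.ldap
#   dup_groups /tmp/g.files /tmp/g.ldap
```

Any line with a non-empty `only_in_ldap` field names a group whose local entry shadows directory members when `files` is listed first, which is worth reviewing before such a group is referenced in sudoers.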