[Freeipa-users] HOWTO: Troubleshooting SUDO

2015-10-09 Thread Pavel Březina
Hi, I just submitted a sudo troubleshooting guide [1]. If you find anything missing, please, let me know. [1] https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

Re: [Freeipa-users] (no subject)

2015-10-09 Thread Karl Forner
Ok, that was it: sssd Version: 1.12.5-1~trusty1 I inverted the sudoOrders: sudo -l Matching Defaults entries for karl on : env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User karl may run the following commands on : (ALL)

Re: [Freeipa-users] SUDO does not always works on first try

2015-10-09 Thread Zoske, Fabian
Hi Jakub, I increased the log level in every SSSD section to 6 and got the following output, hope that helps. KRB5_CHILD.LOG: https://s.mit42.de/IR6tu SSSD_SUDO.LOG (two tries are logged in it): https://s.mit42.de/WF1Jl SSSD_IPA-LX.COM: https://s.mit42.de/frBvx Best regards, Fabian

Re: [Freeipa-users] (no subject)

2015-10-09 Thread Pavel Březina
On 10/09/2015 01:36 PM, Karl Forner wrote: Ok, that was it: sssd Version: 1.12.5-1~trusty1 I inverted the sudoOrders: sudo -l Matching Defaults entries for karl on : env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User karl may

Re: [Freeipa-users] (no subject)

2015-10-09 Thread Karl Forner
> Thanks. Please, keep in mind that we changed the default to the correct order in sssd 1.13.1. Therefore if you update sssd you will either have to invert the order again or set sudo_inverse_order = true in [sudo] in /etc/sssd/sssd.conf.

ok. I don't think there's an easy way to upgrade

Re: [Freeipa-users] Slow SSH login for IPA users only

2015-10-09 Thread Sumit Bose
On Wed, Oct 07, 2015 at 01:23:06PM +0200, Guillem Liarte wrote: > Sumit, > > Thanks for your reply. > > Yes, I have debug enabled: With level 5 I see that here is where it spends > most of its time: > > (Wed Oct 7 13:14:17 2015) [sssd[be[#.com]]] [be_get_account_info] > (0x0200): Got request

Re: [Freeipa-users] (no subject)

2015-10-09 Thread Pavel Březina
On 10/09/2015 01:40 PM, Karl Forner wrote: Thanks. Please, keep in mind that we changed the default to the correct order in sssd 1.13.1. Therefore if you update sssd you will either have to invert the order again or set sudo_inverse_order = true in [sudo] in /etc/sssd/sssd.conf. ok. I don't

Re: [Freeipa-users] Slow SSH login for IPA users only

2015-10-09 Thread Guillem Liarte
Thanks Sumit. The version of sssd is 1.12.2-58.el7_1.17 I do not have any AD trusts defined, I suppose I should not see those messages. Thanks again. Guillem On 9 October 2015 at 14:06, Sumit Bose wrote: > On Wed, Oct 07, 2015 at 01:23:06PM +0200, Guillem Liarte wrote: > >