[Freeipa-users] sudo without the !authenticate
Hello, I've a freeipa running on fedora 20 with fedora 20 clients. When I configure sudo with the !authenticate option, everything works fine. ie 'sudo journalctl' works fine, you get to see the logs However when I remove the !authenticate option the sudo command asks for a password but it always fails. In the logs it says that authentication succes but it is followed by the line access denied. What could be causing this ? Rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] sudo without the !authenticate
On 09/01/2014 06:17 PM, Rob Verduijn wrote: Hello, I've a freeipa running on fedora 20 with fedora 20 clients. When I configure sudo with the !authenticate option, everything works fine. ie 'sudo journalctl' works fine, you get to see the logs However when I remove the !authenticate option the sudo command asks for a password but it always fails. In the logs it says that authentication succes but it is followed by the line access denied. What could be causing this ? Rob Probably access control. Do you have HBAC rules defined? Do they allow user to do sudo operations? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] sudo without the !authenticate
2014-09-01 18:47 GMT+02:00 Dmitri Pal d...@redhat.com: On 09/01/2014 06:17 PM, Rob Verduijn wrote: Hello, I've a freeipa running on fedora 20 with fedora 20 clients. When I configure sudo with the !authenticate option, everything works fine. ie 'sudo journalctl' works fine, you get to see the logs However when I remove the !authenticate option the sudo command asks for a password but it always fails. In the logs it says that authentication succes but it is followed by the line access denied. What could be causing this ? Rob Probably access control. Do you have HBAC rules defined? Do they allow user to do sudo operations? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project Hello, That was indeed preventing the access without the !noathenticate. I've added sudo to the hbac and now it works. Thanx. Rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project