Re: [Freeipa-users] Sudo Rule not working

[Jeff Goddard]

I had a similar issue. To see the details and solution search the list for:
Re: [Freeipa-users] sudo rules question on ubuntu 16.0.1


Jeff

On Thu, Sep 29, 2016 at 4:22 AM, Deepak Dimri 
wrote:

> Hi All,
>
> I have added sudo rule  having allowed command for sudo su for a test
> user. When i login with this test user to my IPA client (ubuntu). I am
> getting a message that "the user is not in the sudoers file.  This
> incident will be reported." and it works fine if i add the user to sudoers
> file then the user can switch to sudo and is able to run all the commands
> even the commands i have included in "deny" list in my IPA server.
>
>
> Do we need to have  user/group added sudoers list for IPA sudo rule to
> work? if so then how can i make it work with IPA sudo rules?
>
>
> Thanks,
>
> Deepak
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Sudo Rule not working

[Jakub Hrozek]

On Thu, Sep 29, 2016 at 08:22:03AM +, Deepak Dimri wrote:
> Hi All,
> 
> I have added sudo rule  having allowed command for sudo su for a test user. 
> When i login with this test user to my IPA client (ubuntu). I am getting a 
> message that "the user is not in the sudoers file.  This incident will be 
> reported." and it works fine if i add the user to sudoers file then the user 
> can switch to sudo and is able to run all the commands even the commands i 
> have included in "deny" list in my IPA server.
> 
> 
> Do we need to have  user/group added sudoers list for IPA sudo rule to work? 
> if so then how can i make it work with IPA sudo rules?

Please check out:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Sudo Rule Not working with UserGroup

[Yogesh Sharma]

It has started working. Not sure what happened, but seems to be issue with
cache time out again.

Thanks Jakub. I will update more if I am able to replicate the issue again.

*Best Regards,*

*__*

*Yogesh Sharma*
*Email: yks0...@gmail.com  | Web: www.initd.in
 *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

   



On Fri, Aug 14, 2015 at 7:12 PM, Jakub Hrozek  wrote:

> On Fri, Aug 14, 2015 at 07:05:48PM +0530, Yogesh Sharma wrote:
> > Hi,
> >
> > We have moved to next step and working to configuring the Sudo Rule.
> >
> > When we add individual users to sudo rules, it works perfectly. However
> as
> > soon as we add usergroup to sudo rules, It stop working.
>
> I'm sorry, but it's not possible to help without seeing the logs.
> In this case, the sudo logs.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Sudo Rule Not working with UserGroup

[Jakub Hrozek]

On Fri, Aug 14, 2015 at 07:05:48PM +0530, Yogesh Sharma wrote:
> Hi,
> 
> We have moved to next step and working to configuring the Sudo Rule.
> 
> When we add individual users to sudo rules, it works perfectly. However as
> soon as we add usergroup to sudo rules, It stop working.

I'm sorry, but it's not possible to help without seeing the logs.
In this case, the sudo logs.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project