Re: [Freeipa-users] Sudo rule implementation

2016-12-20 Thread Ben .T.George
Hi,

Thanks for your information. I have validated the logs.

I destroyed the current Kerberos ticket and re-initiated it, then the issue
was solved.

Regards,
Ben

On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek wrote:

> On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > Please help me to implement sudo rules.
> >
> > I have done the steps below and it is still not working for me.
> >
> > 1. created "Sudo Command Groups"
> > 2. Added some command (/bin/yum) and included in sudo group
> > 3. created "sudo Rule" on that
> >   * Added sudo Option as "!authenticate"
> >   * Added User Group.
> >   * Added one Host
> >   * And under Run command, selected the Sudo Rule Group.
> > 4. entry on nsswitch.conf : sudoers: files sss
> > 5. entry on sssd.conf : services = nss, sudo, pam, ssh
> >
> > and I tried removing "!authenticate" and changed to Anyone, Any Host and
> > Any Command,
> > Also under As Whom to Anyone and Any Group
> > - I tried logout and login again on client with IPA user which is member
> > of user group.
> >
> > When I am running yum, getting error that user is not allowed to execute
> > command.
> >
> >
> > Please anyone help to correct my steps.
> >
> > Regards
> > Ben
>
> Please follow:
> https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
> Especially the sudo logs are often helpful to see what rules sssd is
> returning to sudo.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Sudo rule implementation

2016-12-20 Thread Jakub Hrozek
On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> Hi List,
> 
> Please help me to implement sudo rules.
> 
> I have done the steps below and it is still not working for me.
> 
> 1. created "Sudo Command Groups"
> 2. Added some command (/bin/yum) and included in sudo group
> 3. created "sudo Rule" on that
>   * Added sudo Option as "!authenticate"
>   * Added User Group.
>   * Added one Host
>   * And under Run command, selected the Sudo Rule Group.
> 4. entry on nsswitch.conf : sudoers: files sss
> 5. entry on sssd.conf : services = nss, sudo, pam, ssh
> 
> and I tried removing "!authenticate" and changed to Anyone, Any Host and Any
> Command,
> Also under As Whom to Anyone and Any Group
> - I tried logout and login again on client with IPA user which is member of
> user group.
> 
> When I am running yum, getting error that user is not allowed to execute
> command.
> 
> 
> Please anyone help to correct my steps.
> 
> Regards
> Ben

Please follow:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
Especially the sudo logs are often helpful to see what rules sssd is
returning to sudo.

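A client-side check for steps 4 and 5 of the question (the `sudoers: files sss` entry in nsswitch.conf and `sudo` in the sssd.conf `services` list), as an added example that is not part of the original thread. The function names are hypothetical, and the script only reads the two file paths it is given.

```shell
#!/bin/sh
# Added example: verifies the two client-side settings from steps 4 and 5.
# Function names are hypothetical; nothing here comes from FreeIPA or SSSD.

# Succeeds if the "sudoers:" line of an nsswitch.conf-style file lists "sss".
sudoers_uses_sss() {
    awk '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 == "sudoers:" {
            for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if "services" in the [sssd] section of an sssd.conf-style file
# includes "sudo". A "services" key in any other section is ignored.
sssd_has_sudo_service() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim the line
        /^[#;]/ { next }                             # skip comment lines
        /^\[/   { in_sssd = ($0 == "[sssd]"); next } # track current section
        in_sssd && /^services[ \t]*=/ {
            sub(/^[^=]*=/, "")                       # keep the value only
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Runs both checks and reports each missing piece; returns 0 only if both pass.
check_sudo_wiring() {
    rc=0
    sudoers_uses_sss "$1" || { echo "nsswitch: sudoers line lacks sss"; rc=1; }
    sssd_has_sudo_service "$2" || { echo "sssd.conf: [sssd] services lacks sudo"; rc=1; }
    return $rc
}
```

On a client this would be run as `check_sudo_wiring /etc/nsswitch.conf /etc/sssd/sssd.conf`.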