On 03/04/2013 09:14 PM, Steven Jones wrote:
> It seems sudo su - for admins no longer works
>
> =====
> [jonesst1@8kxl72s ~]$ ssh vuwunicobandbd1.ods.vuw.ac.nz
> jones...@vuwunicobandbd1.ods.vuw.ac.nz's password: Last login: Thu Feb
> 28 11:33:11 2013 from 130.195.245.249 Kickstarted on 2012-07-27
> ORACLE_BASE environment variable is not being set since this
> information is not available for the current user ID jonesst1. You can
> set ORACLE_BASE manually if it is required. Running
> /apps/sct/banner8/admin/banenv... [jonesst1@vuwunicobandbd1 ~]$ sudo
> su - LDAP Config Summary =================== uri
> ldap://vuwunicoipam001.ods.vuw.ac.nz ldap_version 3 sudoers_base
> ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz binddn
> uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz bindpw
> www.apac.c0m bind_timelimit 5000000 ssl start_tls tls_checkpeer (no)
> tls_cacertfile /etc/ipa/ca.crt =================== sudo:
> ldap_set_option: debug -> 0 sudo: ldap_set_option: tls_checkpeer -> 0
> sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt sudo:
> ldap_set_option: tls_cacert -> /etc/ipa/ca.crt sudo:
> ldap_initialize(ld, ldap://vuwunicoipam001.ods.vuw.ac.nz) sudo:
> ldap_set_option: ldap_version -> 3 sudo:
> ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5000) sudo:
> ldap_start_tls_s() ok sudo: ldap_sasl_bind_s() ok sudo: no default
> options found in ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz sudo: ldap
> search
> '(|(sudoUser=jonesst1)(sudoUser=%jonesst1)(sudoUser=%svnuser)(sudoUser=%ipausers)(sudoUser=%desktop-admins-test)(sudoUser=%steven-desktop)(sudoUser=%its-ops-servers)(sudoUser=%its-research-users-servers)(sudoUser=ALL))'
> sudo: found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
> sudo: ldap sudoHost 'vuwunicosas0002.ods.vuw.ac.nz' ... not sudo:
> found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
> sudo: ldap sudoHost '+servers' ... not sudo: ldap search 'sudoUser=+*'
> sudo: user_matches=1 sudo: host_matches=0 sudo:
> sudo_ldap_lookup(0)=0x40 [sudo] password for jonesst1:
> =====

Sorry this is hardly readable. Any chance you can paste something better
formatted?

>
> I get a host match failure, nisdomainname and domainname match
>
> ========
> [root@vuwunicobandbd1 sssd]# domainname
> ods.vuw.ac.nz
> [root@vuwunicobandbd1 sssd]# nisdomainname
> ods.vuw.ac.nz
> [root@vuwunicobandbd1 sssd]# getent netgroup servers
> servers             
> =======
>
> but getent fails to return as above.  This was working in August but
> it seems that on all the RHEL6 servers sudo su - no longer works.
>
> any ideas please?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
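
Added example, not part of either message: a small Python helper that splits a reflowed sudo LDAP debug trace like the one quoted above back into one record per `sudo:` prefix and lists each `sudoHost` comparison with the rule it belongs to. It assumes any result token other than `not` means a match (only `not` appears in the trace) and that a `+` prefix on `sudoHost` names a netgroup; the function names are illustrative.

```python
import re

# Tail of the trace quoted above, copied with its mail quoting and wrapping
# (the LDAP config summary at the start of the trace is left out).
TRACE = """\
> sudo: found:cn=su-sudo-su-test,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
> sudo: ldap sudoHost 'vuwunicosas0002.ods.vuw.ac.nz' ... not sudo:
> found:cn=su-server-ops-admin,ou=sudoers,dc=ods,dc=vuw,dc=ac,dc=nz
> sudo: ldap sudoHost '+servers' ... not sudo: ldap search 'sudoUser=+*'
> sudo: user_matches=1 sudo: host_matches=0 sudo:
> sudo_ldap_lookup(0)=0x40 [sudo] password for jonesst1:
"""

def split_records(trace):
    """Undo quoting and wrapping, then split into one record per 'sudo:' prefix."""
    text = re.sub(r"(?m)^[ \t]*>[ \t]?", "", trace)  # drop '> ' reply markers
    text = " ".join(text.split())                    # rejoin wrapped lines
    return [r for r in re.split(r"(?:^|\s)sudo:\s*", text) if r]

def host_checks(trace):
    """Return [(rule_dn, sudoHost, is_netgroup, matched)] in trace order."""
    rule, out = None, []
    for rec in split_records(trace):
        if rec.startswith("found:"):
            rule = rec[len("found:"):]               # DN of the rule being tested
        m = re.match(r"ldap sudoHost '([^']*)' \.\.\. (\S+)", rec)
        if m:
            host, result = m.groups()
            # Assumption: 'not' is the only failure token; a leading '+'
            # marks a netgroup rather than a literal host name.
            out.append((rule, host, host.startswith("+"), result != "not"))
    return out

def match_counts(trace):
    """Return sudo's own user_matches/host_matches verdict as a dict of ints."""
    pairs = (r.split("=", 1) for r in split_records(trace) if "_matches=" in r)
    return {k: int(v) for k, v in pairs}

if __name__ == "__main__":
    for rule, host, netgroup, matched in host_checks(TRACE):
        kind = "netgroup" if netgroup else "host"
        print(f"{rule}\n    sudoHost {host} ({kind}): {'match' if matched else 'no match'}")
    print(match_counts(TRACE))
```

On the excerpt this lists two rules, each with a failed host comparison, the second against the `+servers` netgroup that `getent netgroup servers` returns empty in the original message.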

