On 11/29/22 15:43, Kevin Vasko wrote:
passwd: compat systemd sss
group: compat systemd sss
I changed it to be
passwd: files compat systemd sss
group: files compat systemd sss
and still had the same problem.
id_provider=ipa
Yes Ubuntu.
sssd 2.2.3-3ubuntu0.9
This same named user that was created local is also in our IPA server
but want this local account and settings on this machine to override that.
-Kevin
On Nov 29, 2022, at 3:03 AM, Alexey Tikhonov <[email protected]> wrote:
Hi,
On Tue, Nov 29, 2022 at 1:10 AM Kevin Vasko <[email protected]
<mailto:[email protected]>> wrote:
We have a local user that has an entry in sudoers for a “NOPASSWD”.
In /etc/nsswitch.conf we have:
sudoers: files sss
What is in 'passwd:' and 'group:'?
Do you use 'id_provider=files' in 'sssd.conf'?
For some reason sssd is falling back to sssd even though we have
the “files” entry first and is checking our FreeIPA instance and
rejecting it and prompts for password.
if I make it
sudoers: files
It works.
This was working without issue on 18.04, we upgraded to 20.04 and
now see the problem.
I guess this is Ubuntu version?
Could you please specify SSSD package versions?
Is there a way to make it prioritize the local sudoers and stop
looking on sssd?
In general, SSSD does not support name collisions. You should make the
ipa domain to require fully qualified names.
Depending on the problem, there might be a way to solve it. However, I
must admit, I do not fully understand your issue. Can you be more
descriptive and provide some examples?
Thank you,
Pavel
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
