[Freeipa-users] sudo su - works on one server for a user but not on another (its twin)
Steven Jones
Steven.Jones at vuw.ac.nz
Wed Aug 22 21:40:23 UTC 2012
Hi,
I'm trying to fault find why a user can sudo su - on a server but not its twin.
I have nisdomainname ods.vuw.ac.nz in rc.local.....
and sudo-ldap.conf and nsswitch.conf appear to be identical but the hostname match fails.
So for the working server,
========
sudo: ldap sudoHost '+servers-saas-root' ... MATCH!
sudo: ldap sudoCommand '/bin/su -' ... MATCH!
sudo: ldap sudoCommand '/bin/su - banner' ... MATCH!
sudo: Command allowed
sudo: user_matches=1
sudo: host_matches=1
========
For the failing server,
========
sudo: ldap sudoHost '+servers-saas-root' ... not
sudo: ldap search 'sudoUser=+*'
sudo: user_matches=1
sudo: host_matches=0
========
I have a host failure, yet the server is in that host group...the HBAC rule allows ssh and sudo....ssh works for both, so HBAC rule should be OK.
The sudo command uses the same user and host groups as the HBAC...
Damned if I can see a setup error.
Ideas where to go looking next please?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272