[Freeipa-users] Setting up sudo in FreeIPA v2.2

Rob Crittenden rcritten at redhat.com
Tue Oct 16 22:04:46 UTC 2012


Toasted Penguin wrote:
> I have the server set up to manage sudo and I configured a target client
> to use the IPA server for sudo.  When a user tries to use sudo (in this
> case "sudo su -") it fails and they get the error "user is not allowed
> to run sudo on client-host.  This incident will be reported." I verified
> via the log files that the client is making requests to the IPA server
> when the user is attempting to use sudo and it fails.  I temporarily
> disabled using the IPA server for sudo and I get the standard "User not
> in the sudoers file...."
> It's starting to look like the server rules may be the issue but I believe
> I have the sudo rule set up correctly.  I created a sudo command
> "/bin/su", created a sudo rule "Sudo to root" , added the group the user
> in question is a part of to the WHO-->User Groups; Added the Host Group
> the target client host is part of to Access This Host-->Host Groups
> and added the sudo command to the sudo rule via Allow-->Sudo Allow
> Commands.  When I delete the sudo rule I get the same result as I did
> when I temporarily disabled the client host using the IPA server for
> sudo verification.
> Any ideas why or where to look to figure out this issue?
> Thanks,
> David

I took a look at the docs and they state to edit /etc/nscld.conf. You 
want /etc/ldap.conf for the configuration. Can you give that a try?

Adding sudoers_debug 2 should provide copious information on stdout.

rob



