[Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
Pavel Brezina
pbrezina at redhat.com
Thu Jun 4 18:36:44 UTC 2015
Hi,
please put the following line to /etc/sudo.conf to obtain sudo logs and send us the file:
Debug sudo /var/log/sudo_debug all at trace
----- Original Message -----
> From: "Martin Kosek" <mkosek at redhat.com>
> To: "Sina Owolabi" <notify.sina at gmail.com>
> Cc: "Cory Carlton" <cory at pithoslabs.com>, freeipa-users at redhat.com, "Pavel Brezina" <pbrezina at redhat.com>, "Jakub
> Hrozek" <jhrozek at redhat.com>
> Sent: Thursday, June 4, 2015 5:15:04 PM
> Subject: Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain
>
> On 06/04/2015 05:13 PM, Sina Owolabi wrote:
> > Hi Martin
> >
> > I have deleted everything in /var/lib/sss/db/ and restarted sssd,
> > no luck.
>
> In that case, I am afraid you might need to enable sudo and SSSD debug
> (https://fedorahosted.org/sssd/wiki/Troubleshooting) and see where it hans.
> Also CCing sudo/sssd SMEs to be aware.
>
> >
> > On Thu, Jun 4, 2015 at 4:10 PM, Martin Kosek <mkosek at redhat.com> wrote:
> >> On 06/04/2015 05:06 PM, Cory Carlton wrote:
> >>> I would check for DNS resolution from the machine executing the sudo, to
> >>> the IPA server.
> >>
> >> I would also suggest cleaning SSSD caches, since you reinstalled against
> >> the
> >> same domain, but actually different server (/var/lib/sss/db/)
> >>
> >>> On Thu, Jun 4, 2015 at 9:54 AM, Sina Owolabi <notify.sina at gmail.com>
> >>> wrote:
> >>>
> >>>> Hi
> >>>>
> >>>> I recently had to remove and reinstall a fresh IPA server. I am
> >>>> currently re-enrolling all the ipa clients to the recently refreshed
> >>>> domain (same name as the previous realm and domain). The new IPA
> >>>> master is RHEL7.1 with IPA 4.1.3.
> >>>>
> >>>> All client servers are running RHEL6.6.
> >>>>
> >>>> I also have sudorule that allows a group to have access to run all
> >>>> commands on all servers:
> >>>>
> >>>> Rule name: All
> >>>> Enabled: TRUE
> >>>> Host category: all
> >>>> Command category: all
> >>>> User Groups: superusers
> >>>> Sudo Option: !authenticate
> >>>> ----------------------------
> >>>>
> >>>> I noticed that trying to run sudo on a few of the servers makes the
> >>>> command hang indefinitely.
> >>>> I am not sure what is the cause and where to look. Please what can I
> >>>> do to troubleshoot and fix this?
> >>>>
> >>>> --
> >>>> Manage your subscription for the Freeipa-users mailing list:
> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users
> >>>> Go to http://freeipa.org for more info on the project
> >>>>
> >>>
> >>>
> >>>
> >>
>
>
More information about the Freeipa-users
mailing list