[Freeipa-users] SUDO does not always works on first try
Zoske, Fabian
f.zoske at euroimmun.de
Mon Oct 5 13:25:09 UTC 2015
Dear Jakub,
I found only the following entries in the /var/log/auth.log:
Oct 5 11:57:38 hl-srv10 sudo: pam_unix(sudo:auth): conversation failed
Oct 5 11:57:38 hl-srv10 sudo: pam_unix(sudo:auth): auth could not identify password for [f.zoske at de.eu.local]
Oct 5 11:57:38 hl-srv10 sudo: pam_sss(sudo:auth): authentication failure; logname=f.zoske at de.eu.local uid=1948403038 euid=0 tty=/dev/pts/1 ruser=f.zoske at de.eu.local rhost= user=f.zoske at de.eu.local
Oct 5 11:57:38 hl-srv10 sudo: pam_sss(sudo:auth): received for user f.zoske at de.eu.local: 7 (Authentication failure)
Oct 5 11:57:38 hl-srv10 sudo: f.zoske at de.eu.local : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/de.eu.local/f.zoske ; USER=root ; COMMAND=/bin/cat /etc/sssd/sssd.conf
Oct 5 11:57:42 hl-srv10 sudo: pam_unix(sudo:auth): authentication failure; logname=f.zoske at de.eu.local uid=1948403038 euid=0 tty=/dev/pts/1 ruser=f.zoske at de.eu.local rhost= user=f.zoske at de.eu.local
Oct 5 11:57:42 hl-srv10 sudo: pam_sss(sudo:auth): authentication success; logname=f.zoske at de.eu.local uid=1948403038 euid=0 tty=/dev/pts/1 ruser=f.zoske at de.eu.local rhost= user=f.zoske at de.eu.local
Oct 5 11:57:43 hl-srv10 sudo: f.zoske at de.eu.local : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/de.eu.local/f.zoske ; USER=root ; COMMAND=/bin/bash
Oct 5 11:57:46 hl-srv10 sudo: pam_unix(sudo:auth): authentication failure; logname=f.zoske at de.eu.local uid=1948403038 euid=0 tty=/dev/pts/1 ruser=f.zoske at de.eu.local rhost= user=f.zoske at de.eu.local
Oct 5 11:57:47 hl-srv10 sudo: pam_sss(sudo:auth): authentication success; logname=f.zoske at de.eu.local uid=1948403038 euid=0 tty=/dev/pts/1 ruser=f.zoske at de.eu.local rhost= user=f.zoske at de.eu.local
Oct 5 11:57:47 hl-srv10 sudo: f.zoske at de.eu.local : TTY=pts/1 ; PWD=/home/de.eu.local/f.zoske ; USER=root ; COMMAND=/bin/bash
Oct 5 11:57:47 hl-srv10 sudo: pam_unix(sudo:session): session opened for user root by f.zoske at de.eu.local(uid=0)
In /var/log/sssd/ no entries were logged.
My sssd.conf:
[domain/ipa-lx.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa-lx.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = hl-srv10.ipa-lx.com
chpass_provider = ipa
ipa_server = _srv_, dc01.ipa-lx.com
ldap_tls_cacert = /etc/ipa/ca.crt
ldap_sudo_use_host_filter = false
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
default_domain_suffix = de.eu.local
domains = ei-ag.it
[nss]
override_shell = /bin/bash
[pam]
[sudo]
[autofs]
[ssh]
[pac]
Best regards,
Fabian
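
Added example, not part of the original message: a small Python triage script that pairs each sudo summary line from auth.log with the pam_sss result logged just before it, so attempts where authentication failed are separated from attempts where pam_sss succeeded but sudo still logged "user NOT authorized on host". The log text is abridged from the lines quoted above, and the verdict labels are names chosen for this example.

```python
import re

# Abridged copy of the auth.log lines quoted in the message above
# (logname/uid/tty/ruser fields and PWD dropped to keep the lines short).
AUTH_LOG = """\
Oct 5 11:57:38 hl-srv10 sudo: pam_sss(sudo:auth): authentication failure; user=f.zoske at de.eu.local
Oct 5 11:57:38 hl-srv10 sudo: pam_sss(sudo:auth): received for user f.zoske at de.eu.local: 7 (Authentication failure)
Oct 5 11:57:38 hl-srv10 sudo: f.zoske at de.eu.local : user NOT authorized on host ; TTY=pts/1 ; USER=root ; COMMAND=/bin/cat /etc/sssd/sssd.conf
Oct 5 11:57:42 hl-srv10 sudo: pam_unix(sudo:auth): authentication failure; user=f.zoske at de.eu.local
Oct 5 11:57:42 hl-srv10 sudo: pam_sss(sudo:auth): authentication success; user=f.zoske at de.eu.local
Oct 5 11:57:43 hl-srv10 sudo: f.zoske at de.eu.local : user NOT authorized on host ; TTY=pts/1 ; USER=root ; COMMAND=/bin/bash
Oct 5 11:57:46 hl-srv10 sudo: pam_unix(sudo:auth): authentication failure; user=f.zoske at de.eu.local
Oct 5 11:57:47 hl-srv10 sudo: pam_sss(sudo:auth): authentication success; user=f.zoske at de.eu.local
Oct 5 11:57:47 hl-srv10 sudo: f.zoske at de.eu.local : TTY=pts/1 ; USER=root ; COMMAND=/bin/bash
"""

PAM_SSS = re.compile(r"sudo: pam_sss\(sudo:auth\): authentication (failure|success)")
SUMMARY = re.compile(
    r"^(?P<ts>\w+ +\d+ [\d:]+) \S+ sudo: +(?P<user>.+?) : (?P<detail>.*)COMMAND=(?P<cmd>.*)$")

def classify(log_text):
    """Pair each sudo summary line with the pam_sss result logged just before it."""
    attempts, sss = [], None
    for line in log_text.splitlines():
        m = PAM_SSS.search(line)
        if m:
            sss = m.group(1)          # remember the latest pam_sss outcome
            continue
        m = SUMMARY.match(line)
        if not m:
            continue                  # pam_unix and other lines are ignored
        denied = "NOT authorized on host" in m.group("detail")
        if not denied:
            verdict = "allowed"
        elif sss == "success":
            verdict = "authz-denied-after-auth-ok"   # password accepted, sudo policy said no
        else:
            verdict = "denied-after-auth-failure"
        attempts.append((m.group("ts"), m.group("cmd"), verdict))
        sss = None                    # next attempt starts with no known pam_sss result
    return attempts

if __name__ == "__main__":
    for ts, cmd, verdict in classify(AUTH_LOG):
        print(ts, verdict, cmd)
```

On these lines the middle attempt comes out as `authz-denied-after-auth-ok`: pam_sss accepted the password at 11:57:42, yet sudo refused the command one second later.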