slek kus via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Hi Rob, unfortunally not. I am honestly out of options here. I must be missing something trivial or it is a configuration issue.
...
On the client:
ansible@debclient1:~$ sudo -i [sudo] password for ansible: ansible is not allowed to run sudo on debclient1.
Let's see how the client is configured and what's in the logs.
- /etc/nsswitch.conf should have this line: sudoers: files sss
- What's in /etc/pam.d/sudo* ?
- What says "sudo -l"?
- something useful in /var/log/sssd/sssd_<domain>.log and /var/log/auth.log?
Troubleshooting docs are here: https://docs.pagure.org/sssd.sssd/users/sudo_troubleshooting.html
Jochen