Hi Rob, unfortunately not. I am honestly out of options here. I must be missing something trivial or it is a configuration issue.
I am clearing the cache of the user on the idm server as the client. Even removed sssd cache, rebooted both client and idm controllers. Sudo permission is simply not granted.
-----
[root@idm01 ~]# ipa hbactest --user=ansible --host=debclient1.linux.redacted.services --service=sshd
--------------------
Access granted: True
--------------------
  Matched rules: allow_ansible_ssh2idm
  Not matched rules: allow_systemd-user
  Not matched rules: test_aduser
[root@idm01 ~]# ipa hbactest --user=ansible --host=debclient1.linux.redacted.services --service=sudo
--------------------
Access granted: True
--------------------
  Matched rules: allow_ansible_ssh2idm
  Not matched rules: allow_systemd-user
  Not matched rules: test_aduser
[root@idm01 ~]# ipa hbactest --user=ansible --host=debclient1.linux.redacted.services --service=sudo-i
--------------------
Access granted: True
--------------------
  Matched rules: allow_ansible_ssh2idm
  Not matched rules: allow_systemd-user
  Not matched rules: test_aduser
[root@idm01 ~]# sss_cache -u ansible@linux.redacted.services && systemctl restart sssd
[root@idm01 ~]# getent passwd ansible@linux.redacted.services
ansible:*:996000008:996000008:(TESTING-111111):/home/ansible:/bin/bash
[root@idm01 ~]# ipa hbacrule-show allow_ansible_ssh2idm
  Rule name: allow_ansible_ssh2idm
  Host category: all
  Service category: all
  Enabled: True
  Users: ansible

root@debclient1:/var/log/sssd# sss_cache -u ansible@linux.redacted.services && systemctl restart sssd
root@debclient1:/var/log/sssd# getent passwd ansible@linux.redacted.services
ansible:*:996000008:996000008:(TESTING-111111):/home/ansible:/bin/bash
----
On the client:
----
ansible@debclient1:~$ sudo -i
[sudo] password for ansible:
ansible is not allowed to run sudo on debclient1.
----
Kind regards.