On Friday, February 2nd, 2024 at 10:36, slek kus via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Jochen, nsswitch.conf checks local files and sss. Below are the contents of /etc/pam.d/sudo:
#%PAM-1.0
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
@include common-auth
@include common-account
@include common-session-noninteractive
sudo -l:
ansible@debclient1:~$ sudo -l
[sudo] password for ansible:
Sorry, user ansible may not run sudo on debclient1.
sssd_[domain].log: https://privatebin.net/?e841ce0e62791e1b#CU9EhpDrajzQXEihhp2jmjbD92RtG8YZ6Sw...
sssd_sudo.log: https://privatebin.net/?40e60858ff984c15#HcQQK2u8wCTYzA6tcttnaiQMsoQ1mVbjCnA...
I have created a new test user and placed this one in the same HBAC rules group. Also no sudo access. Added this new test user to the local sudo group, and access has been granted. It shouldn't be necessary to add IPA users to local groups, or am I wrong here?
kind regards.
Hi Jochen, thanks for taking the time to help. While doing the sudo debug and not finding anything, I tried enabling the default "allow_all" rule and it worked. Then I disabled allow_all again and it continued working, as there's a dedicated policy. No idea why it functions now. The issue has been solved and today it is still OK.
kind regards.