On Wed, Apr 23, 2014 at 10:01 AM, Jakub Hrozek <jhrozek@redhat.com> wrote:
On Tue, Apr 22, 2014 at 10:52:23PM +0100, Chris Hayes wrote:
> I have SSSD (1.8.4) working fine on Debian Wheezy system, with an LDAP
> backend for users and groups. However, I'm having a problem with sudo.
>
> My sudoers configuration file has the following line in it:
>
> %sudo   ALL=(ALL:ALL) ALL
>
> And my LDAP (via SSSD) user is in that "sudo" group (its UID is in the
> /etc/group file for group sudo, and getent shows this fine).
>
> sudo:x:27:9009
>
> However, when I run a sudo command, I receive the following error:
>
> chris is not in the sudoers file. This incident will be reported.
>
> Can someone help me to understand why this might be happening?
>
> Chris

If you run 'id user' do you see him as a member of the sudo group?

 uid=9009(chris) gid=9001(chris) groups=9001(chris)

OK, I see that it's not picking up that sudo group.

IIRC the functionality for an LDAP user to be a member of a UNIX group
was added sometime in 1.9.

I have an LDAP group though, and this also doesn't show in the id output. Is this also an issue with the pre-1.9 releases?

admins:*:9000:9009

Kind regards,
Chris