On 11/29/22 15:43, Kevin Vasko wrote:
passwd: compat systemd sss group: compat systemd sss
I changed it to be
passwd: files compat systemd sss group: files compat systemd sss
and still had the same problem.
id_provider=ipa
Yes Ubuntu.
sssd 2.2.3-3ubuntu0.9
This same named user that was created local is also in our IPA server but want this local account and settings on this machine to override that.
-Kevin
On Nov 29, 2022, at 3:03 AM, Alexey Tikhonov atikhono@redhat.com wrote:
Hi,
On Tue, Nov 29, 2022 at 1:10 AM Kevin Vasko <kvasko@gmail.com mailto:kvasko@gmail.com> wrote:
We have a local user that has an entry in sudoers for a “NOPASSWD”. In /etc/nsswitch.conf we have: sudoers: files sss
What is in 'passwd:' and 'group:'? Do you use 'id_provider=files' in 'sssd.conf'?
For some reason sssd is falling back to sssd even though we have the “files” entry first and is checking our FreeIPA instance and rejecting it and prompts for password. if I make it sudoers: files It works. This was working without issue on 18.04, we upgraded to 20.04 and now see the problem.
I guess this is Ubuntu version? Could you please specify SSSD package versions?
Is there a way to make it prioritize the local sudoers and stop looking on sssd?
In general, SSSD does not support name collisions. You should make the ipa domain to require fully qualified names.
Depending on the problem, there might be a way to solve it. However, I must admit, I do not fully understand your issue. Can you be more descriptive and provide some examples?
Thank you, Pavel