After all the trouble with fixing a botched upgrade I decided it was easier to build a new IPA Server. Now that I have it up and running I am running into an issue with my ipa enrolled clients. I am unable to sudo. The client says: <user>@<host> is not allowed to run sudo on <host>. This incident will be reported.
The HBAC test in the GUI tells me "ACCESS GRANTED" so my policy is setup correctly. I looked at /etc/nsswitch on the client and see a line: sudoers: files sss Shouldn't sss be listed first? Stopping, clearing sssd cache and restarting again doesn't fix it, I presume because the order is wrong. This is happening on two of my ipa clients so far and I hate to go any further until I figure put what the issue is. Is there something on the server side that controls the nsswitch config or do I need to change the config on the client? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
