Hello Kevin, Kevin Vasko via FreeIPA-users <[email protected]> writes:
> I know this is probably stupid but we have a server with a local > account (let’s call this local user “user1”). This server and its > install predated our IPA install. This local user also has sudoers > exception for this account for a “NOPASSWD” locally on this machine > and this machine alone. > > After some period of time (it’s been like this for years), we added > this “user1” account to FreeIPA so we could use it on other select > machine. We kept using the local account as if nothing changed. > ... > > If I remove “sss” from the nsswitch sudoers line it works as expected. > > Is this a regression in sssd or something else Im missing? I don't think it's a pure regression. I think the supported way to "migrate" a former local user to IPA with another uid or others is to define an id view for user1 on the ubuntu host and use uid 1000 there. I'd hope that deleting the local user just changes the password to the IPA one and sudo starts working. If you want to debug your install further, you'd probably need to enable tracing in sssd and look for clues, Jochen -- This space is intentionally left blank. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
