On 10/15/2012 04:34 PM, Macklin, Jason wrote:
> Hi,
>
> I apologize up front if this is obvious, but I'm having issues
> configuring sudo privileges.
>
> I currently have an IPA server running FreeIPA 2.2 with sudo
> configured for our administrators on all hosts. This works
> fantastic! As soon as I attempt to configure a more specific sudo
> rule it does not work. In my troubleshooting, I have noticed that
> from the same host my admin level privileges work, but with another
> user account set up to just run one command, it fails. I have turned
> on sudo debugging and the only thing I can find that looks out of
> sorts is the following:
>
> sudo: host_matches=0
>
> As soon as I move the user account that is failing into the admin
> group it starts to work.
>
> I have attempted every iteration of sudo configuration on the server
> that I can think of. I have set up HBAC and given that a shot as
> well. At this point I'm completely stumped and would appreciate any
> help that I can get!

What does sudo test return? Does it return the expected results?
Can you be more specific about the rule you have?

Based on the description, you have a rule that points to a specific user. If this user is referred to in the rule explicitly, sudo does not work properly, but if you move the user to a group that is referenced by the rule, then the rule works as expected. Is this a correct description of the problem?

I assume that you are turning off the allow_all rule that allows anyone to do anything by default, right?

> Thank you in advance for your assistance,
>
> Jason
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
