I have a fresh installation of CentOS 6.8 joined to a FreeIPA 4.3.0 domain on Fedora 23.
When I try to sudo on this host, it fails. Here are the log entries from /var/log/secure. Note that we have several hundred CentOS 6.5-6.7 machines where this works fine. Is this a new bug in CentOS 6.8? Jun 7 20:14:48 cass1 sudo: pam_unix(sudo:auth): authentication failure; logname=nathan.peters uid=756600344 euid=0 tty=/dev/pts/0 ruser=nathan.peters rhost= user=nathan.peters Jun 7 20:14:48 cass1 sudo: pam_sss(sudo:auth): authentication success; logname=nathan.peters uid=756600344 euid=0 tty=/dev/pts/0 ruser=nathan.peters rhost= user=nathan.peters Jun 7 20:14:48 cass1 sudo: nathan.peters : user NOT authorized on host ; TTY=pts/0 ; PWD=/home/nathan.peters ; USER=root ; COMMAND=/bin/su - Jun 7 20:15:22 cass1 sudo: pam_unix(sudo-i:auth): conversation failed Jun 7 20:15:22 cass1 sudo: pam_unix(sudo-i:auth): auth could not identify password for [nathan.peters] Jun 7 20:15:22 cass1 sudo: pam_sss(sudo-i:auth): authentication failure; logname=nathan.peters uid=756600344 euid=0 tty=/dev/pts/0 ruser=nathan.peters rhost= user=nathan.peters Jun 7 20:15:22 cass1 sudo: pam_sss(sudo-i:auth): received for user nathan.peters: 7 (Authentication failure) Jun 7 20:15:22 cass1 sudo: nathan.peters : user NOT authorized on host ; TTY=pts/0 ; PWD=/home/nathan.peters ; USER=root ; COMMAND=/bin/bash
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
