On 01/30/2017 01:38 AM, Jakub Hrozek wrote: > On Fri, Jan 27, 2017 at 02:15:16PM -0700, Orion Poplawski wrote: >> EL7.3 >> Users are in active directory via AD trust with IPA server >> >> sudo is configured via files - users in our default "nwra" group can run >> certain sudo commands, e.g.: >> >> Cmnd_Alias WAKEUP = /sbin/ether-wake * >> %nwra,%visitor,%ivm ALL=NOPASSWD: WAKEUP >> >> However, sometimes when I run sudo /sbin/ether-wake I get prompted for my >> password. Other times it works fine. I've attached some logs from failed >> attempt. > > So the sudo command is successfull in the end, it 'just' prompts for a > password?
No, it fails when given the password: Sorry, user USER is not allowed to execute '/sbin/ether-wake XXX' as root on HOST. Turns out I'm an idiot. Needed to run ipa-adtrust-install on all of the IPA servers and make sure things were working on all of them. Things would break depending on which ipa server the client sssd was connected to. -- Orion Poplawski Technical Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 http://www.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
