Hello,
I'm running a 4.9 server.
I added an AD as an external group in a sudo rule following:
ipa sudorule-add-user "admins" --groups "admins du domaine(a)levant.abes.fr"
I notice two kinds of comportment on the guests:
* el8 with 4.9 client can successfully sudo
* el7 with 4.6 client are not allowed to perform sudo (no rule
matching in the logs)
Now, if I use the old way to do, i.e:
* create a non POSIX external group containing "admins du
domaine(a)levant.abes.fr"
* and add that group to a POSIX group
ipa sudorule-add-user "admins" --groups ad_admins_external
I can perform sudo in any case.
My deduction is that there is something not backported in the el7 4.6
client that does exist int el8 4.9 client.
I suppose there shouldn't be any restriction to make the 4.6 client work
in this case. So is this a bug?
Second question: I've been looking for a long time a way to get the el7
4.9 client, but it doesn't seem to exist (maybe compile from sources).
Why is this client not packaged for el7 ?
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr