Hello,

I'm trying to figure out why an AD domain user cannot use sudo.

When I test with

ipa hbactest --user=ansible --host ipa01.linux.example.com --service sudo-i
It says access granted: True

However, if I issue the command 'sudo -l -U ansible' on the ipa01 host, it says: User ansible@windows.example.com is not allowed to run sudo on ipa01

It works for an IPA user using the same sudo rule.
id ansible works as well on the ipa01 host:
uid=1958801104(ansible@windows.example.com) gid=1958801104(ansible@windows.example.com) groups=1958801104(ansible@windows.example.com),1958800512(domain admins@windows.example.com),1958800513(domain users@windows.example.com)

The user ansible can log in to the ipa01 host but cannot issue sudo -i.

What am I missing?

Rob Verduijn