On 24 May 2019, at 13:00, Rob Verduijn via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Hello,

I'm trying to figure out why an ad-domain user cannot use sudo.

When I test with

    ipa hbactest --user=ansible --host ipa01.linux.example.com --service sudo-i

It says access granted: True

however if I issue the command 'sudo -l -U ansible' on the ipa01 host it says:

    User ansible@windows.example.com is not allowed to run sudo on ipa01

It works for an ipa user using the same sudo rule.

id ansible works as well on the ipa01 host

    uid=1958801104(ansible@windows.example.com) gid=1958801104(ansible@windows.example.com) groups=1958801104(ansible@windows.example.com),1958800512(domain admins@windows.example.com),1958800513(domain users@windows.example.com)

the user ansible can login to the ipa01 host but cannot issue sudo -i.

What am I missing?

Rob Verduijn