Hi

I have an ipa server version 4.5 with one ipa replica and one ipa client, all on CentOS 7.
I need to manage anythings about sudoers on ipa server so I decided to use externaluser in sudo rules, such as below:

# ipa sudorule-show behnam
Rule name: behnam
  Enabled: TRUE
  Host category: all
  Command category: all
  RunAs User category: all
  RunAs Group category: all
  External User: behnam
  Sudo Option: !authenticate

but when I check sudo in client system, it returns that behnam may not run sudo.

[behnam@***** ~]$ sudo -l
[sudo] password for behnam:
Sorry, user behnam may not run sudo on *****