2:04 p.m.
One of my biggest projects is to use ansible to kill OpenLDAP clients on
our production servers and install ipa-client and configured. I'm
probably 95% there with automating the process (still trying to figure
out what pam_ldap crap is floating around after uninstalling those
packages and such) but I've got a weird issue that appears to be related
to the C6 ipa-client setup.
After installing the ipa-client and configuring, I can login as my ipa
user account, but, even though I have SUDO rules in place, I'm getting a
'user is not in sudoers file...etc, etc' on CentOS 6, but /not/ on a
CentOS 7 client I have tested on. I've tried two different C6 boxes
with the same result. The SSSD/nsswitch/pam.d config files are all
identical between the C6 and C7 servers.
The C7 box did not have a previous OpenLDAP client on it, and neither
did one of the C6 boxes, so it doesn't appear to be a problem/conflict
with remnants of OpenLDAP/PAM causing the problem. Sudoers on all the
boxes I'm testing is out-of-the-box vanilla and there are no sudoers.d/
files either.
I'm an IPA newbie, and I gave up on OpenLDAP and PAM (god, what a cockup
that is) almost two decades ago, so I'm not as familiar with it as some
people might be. Here are the package versions for the IPA clients:
C7: ipa-client-4.5.0-21.el7.centos.1.2.x86_64
C6: ipa-client-3.0.0-51.el6.centos.x86_64
The only other thing I can think of to mention is that in
/var/log/secure on the C6 boxes I'm getting a pam_unix.so authentication
failure (obviously since my user isn't on that box) prior to sssd
authenticating me successfully when trying to sudo su. I do not see
that problem on the C7 box.
Any ideas?
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net
2:44 p.m.
Hi Mark,
Not all CentOS releases are created equal. Support for Sudo appeared later in IPA and
you’ll probably need to update sssd and ipa-client. The one in 6.8 should work fine. I’ve
recently enrolled a few rhel 6.4 servers and noticed the same thing but everything was
solved after doing a yum update sssd.
Cheers,
Răzvan
> On 13 Sep 2017, at 22:04, Mark Haney via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
> One of my biggest projects is to use ansible to kill OpenLDAP clients on our
production servers and install ipa-client and configured. I'm probably 95% there with
automating the process (still trying to figure out what pam_ldap crap is floating around
after uninstalling those packages and such) but I've got a weird issue that appears to
be related to the C6 ipa-client setup.
>
> After installing the ipa-client and configuring, I can login as my ipa user account,
but, even though I have SUDO rules in place, I'm getting a 'user is not in sudoers
file...etc, etc' on CentOS 6, but /not/ on a CentOS 7 client I have tested on.
I've tried two different C6 boxes with the same result. The SSSD/nsswitch/pam.d
config files are all identical between the C6 and C7 servers.
>
> The C7 box did not have a previous OpenLDAP client on it, and neither did one of the
C6 boxes, so it doesn't appear to be a problem/conflict with remnants of OpenLDAP/PAM
causing the problem. Sudoers on all the boxes I'm testing is out-of-the-box vanilla
and there are no sudoers.d/ files either.
>
> I'm an IPA newbie, and I gave up on OpenLDAP and PAM (god, what a cockup that is)
almost two decades ago, so I'm not as familiar with it as some people might be. Here
are the package versions for the IPA clients:
>
> C7: ipa-client-4.5.0-21.el7.centos.1.2.x86_64
>
> C6: ipa-client-3.0.0-51.el6.centos.x86_64
>
> The only other thing I can think of to mention is that in /var/log/secure on the C6
boxes I'm getting a pam_unix.so authentication failure (obviously since my user
isn't on that box) prior to sssd authenticating me successfully when trying to sudo
su. I do not see that problem on the C7 box.
>
> Any ideas?
>
> --
> Mark Haney
> Network Engineer at NeoNova
> 919-460-3330 option 1
> mark.haney(a)neonova.net
> www.neonova.net
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
2:53 p.m.
On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users wrote:
Hi Mark,
Not all CentOS releases are created equal. Support for Sudo appeared later in IPA and
you’ll probably need to update sssd and ipa-client. The one in 6.8 should work fine. I’ve
recently enrolled a few rhel 6.4 servers and noticed the same thing but everything was
solved after doing a yum update sssd.
Cheers,
Răzvan
Unfortunately, sssd is already the 6.9 version:
python-sssdconfig-1.13.3-57.el6_9.noarch
sssd-common-1.13.3-57.el6_9.x86_64
sssd-common-pac-1.13.3-57.el6_9.x86_64
sssd-ad-1.13.3-57.el6_9.x86_64
sssd-ldap-1.13.3-57.el6_9.x86_64
sssd-1.13.3-57.el6_9.x86_64
sssd-client-1.13.3-57.el6_9.x86_64
sssd-krb5-common-1.13.3-57.el6_9.x86_64
sssd-ipa-1.13.3-57.el6_9.x86_64
sssd-krb5-1.13.3-57.el6_9.x86_64
sssd-proxy-1.13.3-57.el6_9.x86_64
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net
3:05 p.m.
On ke, 13 syys 2017, Mark Haney via FreeIPA-users wrote:
On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users
wrote:
>Hi Mark,
>
>Not all CentOS releases are created equal. Support for Sudo appeared
>later in IPA and you’ll probably need to update sssd and ipa-client.
>The one in 6.8 should work fine. I’ve recently enrolled a few rhel 6.4
>servers and noticed the same thing but everything was solved after
>doing a yum update sssd.
>
>Cheers,
>Răzvan
>
Unfortunately, sssd is already the 6.9 version:
python-sssdconfig-1.13.3-57.el6_9.noarch
sssd-common-1.13.3-57.el6_9.x86_64
sssd-common-pac-1.13.3-57.el6_9.x86_64
sssd-ad-1.13.3-57.el6_9.x86_64
sssd-ldap-1.13.3-57.el6_9.x86_64
sssd-1.13.3-57.el6_9.x86_64
sssd-client-1.13.3-57.el6_9.x86_64
sssd-krb5-common-1.13.3-57.el6_9.x86_64
sssd-ipa-1.13.3-57.el6_9.x86_64
sssd-krb5-1.13.3-57.el6_9.x86_64
sssd-proxy-1.13.3-57.el6_9.x86_64
Check sudo version as well.
--
/ Alexander Bokovoy
3:25 p.m.
On Wed, Sep 13, 2017 at 11:05:25PM +0300, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 13 syys 2017, Mark Haney via FreeIPA-users wrote:
> On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users wrote:
> > Hi Mark,
> >
> > Not all CentOS releases are created equal. Support for Sudo appeared
> > later in IPA and you’ll probably need to update sssd and ipa-client.
> > The one in 6.8 should work fine. I’ve recently enrolled a few rhel 6.4
> > servers and noticed the same thing but everything was solved after
> > doing a yum update sssd.
> >
> > Cheers,
> > Răzvan
> >
> Unfortunately, sssd is already the 6.9 version:
>
> python-sssdconfig-1.13.3-57.el6_9.noarch
> sssd-common-1.13.3-57.el6_9.x86_64
> sssd-common-pac-1.13.3-57.el6_9.x86_64
> sssd-ad-1.13.3-57.el6_9.x86_64
> sssd-ldap-1.13.3-57.el6_9.x86_64
> sssd-1.13.3-57.el6_9.x86_64
> sssd-client-1.13.3-57.el6_9.x86_64
> sssd-krb5-common-1.13.3-57.el6_9.x86_64
> sssd-ipa-1.13.3-57.el6_9.x86_64
> sssd-krb5-1.13.3-57.el6_9.x86_64
> sssd-proxy-1.13.3-57.el6_9.x86_64
Check sudo version as well.
And if that doesn't help, follow
https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
Do you use default_domain_suffix with IPA-AD trusts? That's one thing
that's known to not work on el6..
6:15 a.m.
Well this is interesting. The latest version of sudo
is sudo-1.8.6p3-29.el6_9.x86_64. Mine is sudo-1.8.6-7.el6.x86_64. The
issue here is that this box is CentOS 6.4 and I can't fully update it to
6.9. But I can't simply update sudo by itself:
[root@secure nnsops]# yum update sudo
Loaded plugins: changelog, fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirror.cogentco.com
* epel: mirror.nodesdirect.com
* extras: mirror.team-cymru.org
* updates: centos.vwtonline.net
No Packages marked for Update
That's a good call on checking it, but I don't understand why I can't
simply yum update sudo. I can download the package and update it, but I'm
at a loss as to why I'm not seeing it even when I run just 'yum update'. I
swear, I just don't understand how these systems were left not updated for
years. This box is currently 6.4.
On Wed, Sep 13, 2017 at 4:25 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
On Wed, Sep 13, 2017 at 11:05:25PM +0300, Alexander Bokovoy via
FreeIPA-users wrote:
> On ke, 13 syys 2017, Mark Haney via FreeIPA-users wrote:
> > On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users
wrote:
> > > Hi Mark,
> > >
> > > Not all CentOS releases are created equal. Support for Sudo appeared
> > > later in IPA and you’ll probably need to update sssd and ipa-client.
> > > The one in 6.8 should work fine. I’ve recently enrolled a few rhel
6.4
> > > servers and noticed the same thing but everything was solved after
> > > doing a yum update sssd.
> > >
> > > Cheers,
> > > Răzvan
> > >
> > Unfortunately, sssd is already the 6.9 version:
> >
> > python-sssdconfig-1.13.3-57.el6_9.noarch
> > sssd-common-1.13.3-57.el6_9.x86_64
> > sssd-common-pac-1.13.3-57.el6_9.x86_64
> > sssd-ad-1.13.3-57.el6_9.x86_64
> > sssd-ldap-1.13.3-57.el6_9.x86_64
> > sssd-1.13.3-57.el6_9.x86_64
> > sssd-client-1.13.3-57.el6_9.x86_64
> > sssd-krb5-common-1.13.3-57.el6_9.x86_64
> > sssd-ipa-1.13.3-57.el6_9.x86_64
> > sssd-krb5-1.13.3-57.el6_9.x86_64
> > sssd-proxy-1.13.3-57.el6_9.x86_64
> Check sudo version as well.
And if that doesn't help, follow
https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
Do you use default_domain_suffix with IPA-AD trusts? That's one thing
that's known to not work on el6..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
6:21 a.m.
You're probably not using the 6.9 repos. Try to temporarily set your repos to the 6.9
ones instead of using $releasever.
On 14 Sep 2017, at 14:15, Mark Haney via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Well this is interesting. The latest version of sudo is sudo-1.8.6p3-29.el6_9.x86_64.
Mine is sudo-1.8.6-7.el6.x86_64. The issue here is that this box is CentOS 6.4 and I
can't fully update it to 6.9. But I can't simply update sudo by itself:
[root@secure nnsops]# yum update sudo
Loaded plugins: changelog, fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirror.cogentco.com <http://mirror.cogentco.com/>
* epel: mirror.nodesdirect.com <http://mirror.nodesdirect.com/>
* extras: mirror.team-cymru.org <http://mirror.team-cymru.org/>
* updates: centos.vwtonline.net <http://centos.vwtonline.net/>
No Packages marked for Update
That's a good call on checking it, but I don't understand why I can't simply
yum update sudo. I can download the package and update it, but I'm at a loss as to
why I'm not seeing it even when I run just 'yum update'. I swear, I just
don't understand how these systems were left not updated for years. This box is
currently 6.4.
On Wed, Sep 13, 2017 at 4:25 PM, Jakub Hrozek via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
On Wed, Sep 13, 2017 at 11:05:25PM +0300, Alexander Bokovoy via FreeIPA-users wrote:
> On ke, 13 syys 2017, Mark Haney via FreeIPA-users wrote:
> > On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users wrote:
> > > Hi Mark,
> > >
> > > Not all CentOS releases are created equal. Support for Sudo appeared
> > > later in IPA and you’ll probably need to update sssd and ipa-client.
> > > The one in 6.8 should work fine. I’ve recently enrolled a few rhel 6.4
> > > servers and noticed the same thing but everything was solved after
> > > doing a yum update sssd.
> > >
> > > Cheers,
> > > Răzvan
> > >
> > Unfortunately, sssd is already the 6.9 version:
> >
> > python-sssdconfig-1.13.3-57.el6_9.noarch
> > sssd-common-1.13.3-57.el6_9.x86_64
> > sssd-common-pac-1.13.3-57.el6_9.x86_64
> > sssd-ad-1.13.3-57.el6_9.x86_64
> > sssd-ldap-1.13.3-57.el6_9.x86_64
> > sssd-1.13.3-57.el6_9.x86_64
> > sssd-client-1.13.3-57.el6_9.x86_64
> > sssd-krb5-common-1.13.3-57.el6_9.x86_64
> > sssd-ipa-1.13.3-57.el6_9.x86_64
> > sssd-krb5-1.13.3-57.el6_9.x86_64
> > sssd-proxy-1.13.3-57.el6_9.x86_64
> Check sudo version as well.
And if that doesn't help, follow
https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
<https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html>
Do you use default_domain_suffix with IPA-AD trusts? That's one thing
that's known to not work on el6..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 <tel:(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
<mailto:mark.haney@neonova.net>
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>_____________...
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
6:46 a.m.
Okay, maybe something is very wrong with this server. I can't even set
that and have it see updates. I even hardcoded the URL to a repo I KNOW
has the updated sudo version. Still says no updates. I am so lost on
this. It makes no sense.
So I downloaded the latest version of the sudo rpm and tried to install it
with yum. This is what I get:
[root@secure nnsops]# yum install sudo-1.8.6p3-29.el6_9.x86_64.rpm
Loaded plugins: changelog, fastestmirror
Setting up Install Process
Examining sudo-1.8.6p3-29.el6_9.x86_64.rpm: sudo-1.8.6p3-29.el6_9.x86_64
Error: Nothing to do
[root@secure nnsops]# rpm -qa | grep sudo
sudo-1.8.6-7.el6.x86_64
This is insane.
On Thu, Sep 14, 2017 at 7:21 AM, Răzvan Vilt <razvan.vilt(a)me.com> wrote:
You're probably not using the 6.9 repos. Try to temporarily set
your repos
to the 6.9 ones instead of using $releasever.
On 14 Sep 2017, at 14:15, Mark Haney via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Well this is interesting. The latest version of sudo
is sudo-1.8.6p3-29.el6_9.x86_64. Mine is sudo-1.8.6-7.el6.x86_64. The
issue here is that this box is CentOS 6.4 and I can't fully update it to
6.9. But I can't simply update sudo by itself:
[root@secure nnsops]# yum update sudo
Loaded plugins: changelog, fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirror.cogentco.com
* epel: mirror.nodesdirect.com
* extras: mirror.team-cymru.org
* updates: centos.vwtonline.net
No Packages marked for Update
That's a good call on checking it, but I don't understand why I can't
simply yum update sudo. I can download the package and update it, but I'm
at a loss as to why I'm not seeing it even when I run just 'yum update'. I
swear, I just don't understand how these systems were left not updated for
years. This box is currently 6.4.
On Wed, Sep 13, 2017 at 4:25 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> On Wed, Sep 13, 2017 at 11:05:25PM +0300, Alexander Bokovoy via
> FreeIPA-users wrote:
> > On ke, 13 syys 2017, Mark Haney via FreeIPA-users wrote:
> > > On 09/13/2017 03:44 PM, Răzvan Corneliu C.R. VILT via FreeIPA-users
> wrote:
> > > > Hi Mark,
> > > >
> > > > Not all CentOS releases are created equal. Support for Sudo appeared
> > > > later in IPA and you’ll probably need to update sssd and ipa-client.
> > > > The one in 6.8 should work fine. I’ve recently enrolled a few rhel
> 6.4
> > > > servers and noticed the same thing but everything was solved after
> > > > doing a yum update sssd.
> > > >
> > > > Cheers,
> > > > Răzvan
> > > >
> > > Unfortunately, sssd is already the 6.9 version:
> > >
> > > python-sssdconfig-1.13.3-57.el6_9.noarch
> > > sssd-common-1.13.3-57.el6_9.x86_64
> > > sssd-common-pac-1.13.3-57.el6_9.x86_64
> > > sssd-ad-1.13.3-57.el6_9.x86_64
> > > sssd-ldap-1.13.3-57.el6_9.x86_64
> > > sssd-1.13.3-57.el6_9.x86_64
> > > sssd-client-1.13.3-57.el6_9.x86_64
> > > sssd-krb5-common-1.13.3-57.el6_9.x86_64
> > > sssd-ipa-1.13.3-57.el6_9.x86_64
> > > sssd-krb5-1.13.3-57.el6_9.x86_64
> > > sssd-proxy-1.13.3-57.el6_9.x86_64
> > Check sudo version as well.
>
> And if that doesn't help, follow
> https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
>
> Do you use default_domain_suffix with IPA-AD trusts? That's one thing
> that's known to not work on el6..
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedo
> rahosted.org
>
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
7:57 a.m.
On to, 14 syys 2017, Mark Haney via FreeIPA-users wrote:
Well this is interesting. The latest version of sudo
is sudo-1.8.6p3-29.el6_9.x86_64. Mine is sudo-1.8.6-7.el6.x86_64. The
issue here is that this box is CentOS 6.4 and I can't fully update it to
6.9. But I can't simply update sudo by itself:
[root@secure nnsops]# yum update sudo
Loaded plugins: changelog, fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirror.cogentco.com
* epel: mirror.nodesdirect.com
* extras: mirror.team-cymru.org
* updates: centos.vwtonline.net
No Packages marked for Update
That's a good call on checking it, but I don't understand why I can't
simply yum update sudo. I can download the package and update it, but I'm
at a loss as to why I'm not seeing it even when I run just 'yum update'. I
swear, I just don't understand how these systems were left not updated for
years. This box is currently 6.4.
This is CentOS. See CentOS updates policy:
https://wiki.centos.org/FAQ/General#head-dcca41e9a3d5ac4c6d900a991990fd11...
--
/ Alexander Bokovoy
8:22 a.m.
Sigh. As I said, I edited the repo to point DIRECTLY to 6.9 and got the
same result. Care to explain that with some other policy? Even then,
DOWNLOADING the RPM still will not install. Is there a policy for that
too?
On Thu, Sep 14, 2017 at 8:57 AM, Alexander Bokovoy <abokovoy(a)redhat.com>
wrote:
On to, 14 syys 2017, Mark Haney via FreeIPA-users wrote:
> Well this is interesting. The latest version of sudo
> is sudo-1.8.6p3-29.el6_9.x86_64. Mine is sudo-1.8.6-7.el6.x86_64. The
> issue here is that this box is CentOS 6.4 and I can't fully update it to
> 6.9. But I can't simply update sudo by itself:
>
> [root@secure nnsops]# yum update sudo
> Loaded plugins: changelog, fastestmirror
> Setting up Update Process
> Loading mirror speeds from cached hostfile
> * base: mirror.cogentco.com
> * epel: mirror.nodesdirect.com
> * extras: mirror.team-cymru.org
> * updates: centos.vwtonline.net
> No Packages marked for Update
>
> That's a good call on checking it, but I don't understand why I can't
> simply yum update sudo. I can download the package and update it, but I'm
> at a loss as to why I'm not seeing it even when I run just 'yum update'.
I
> swear, I just don't understand how these systems were left not updated for
> years. This box is currently 6.4.
>
This is CentOS. See CentOS updates policy: https://wiki.centos.org/FAQ/Ge
neral#head-dcca41e9a3d5ac4c6d900a991990fd11930867d6
--
/ Alexander Bokovoy
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
8:41 a.m.
On to, 14 syys 2017, Mark Haney via FreeIPA-users wrote:
Sigh. As I said, I edited the repo to point DIRECTLY to 6.9 and got
the
same result. Care to explain that with some other policy? Even then,
DOWNLOADING the RPM still will not install. Is there a policy for that
too?
Well, I only pointed out that update repos for older releases stop being
updated in CentOS after some time. Why local system does not update when
you point directly to a supported release is a different story. Perhaps,
you have some yum plugins that prevent that upgrade? Check /etc/yum/*
configuration.
On Thu, Sep 14, 2017 at 8:57 AM, Alexander Bokovoy <abokovoy(a)redhat.com>
wrote:
> On to, 14 syys 2017, Mark Haney via FreeIPA-users wrote:
>
>> Well this is interesting. The latest version of sudo
>> is sudo-1.8.6p3-29.el6_9.x86_64. Mine is sudo-1.8.6-7.el6.x86_64. The
>> issue here is that this box is CentOS 6.4 and I can't fully update it to
>> 6.9. But I can't simply update sudo by itself:
>>
>> [root@secure nnsops]# yum update sudo
>> Loaded plugins: changelog, fastestmirror
>> Setting up Update Process
>> Loading mirror speeds from cached hostfile
>> * base: mirror.cogentco.com
>> * epel: mirror.nodesdirect.com
>> * extras: mirror.team-cymru.org
>> * updates: centos.vwtonline.net
>> No Packages marked for Update
>>
>> That's a good call on checking it, but I don't understand why I
can't
>> simply yum update sudo. I can download the package and update it, but I'm
>> at a loss as to why I'm not seeing it even when I run just 'yum
update'. I
>> swear, I just don't understand how these systems were left not updated for
>> years. This box is currently 6.4.
>>
> This is CentOS. See CentOS updates policy: https://wiki.centos.org/FAQ/Ge
> neral#head-dcca41e9a3d5ac4c6d900a991990fd11930867d6
>
> --
> / Alexander Bokovoy
>
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney(a)neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
--
/ Alexander Bokovoy
7:48 a.m.
On 09/14/2017 09:41 AM, Alexander Bokovoy wrote:
On to, 14 syys 2017, Mark Haney via FreeIPA-users wrote:
> Sigh. As I said, I edited the repo to point DIRECTLY to 6.9 and got the
> same result. Care to explain that with some other policy? Even then,
> DOWNLOADING the RPM still will not install. Is there a policy for that
> too?
Well, I only pointed out that update repos for older releases stop being
updated in CentOS after some time. Why local system does not update when
you point directly to a supported release is a different story. Perhaps,
you have some yum plugins that prevent that upgrade? Check /etc/yum/*
configuration.
Well, after three days, I finally got sudo updated. And that fixed the
problem I was having.
Turns out someone, in their infinite wisdom, had excluded sudo from
being updated. No one in their right mind should ever need to exclude
that significant a package, so I failed to check for exclusion. I'm
really embarrassed for whoever did something that moronic, but that's
probably why they are no longer here.
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net
2409
days inactive
2411
days old
freeipa-users@lists.fedorahosted.org
11 comments
5 participants
participants (5)
-
Alexander Bokovoy -
Jakub Hrozek -
Mark Haney -
Răzvan Corneliu C.R. VILT -
Răzvan Vilt