On 10/10/2017 12:47 AM, Alka Murali via FreeIPA-users wrote:
Hello Team,
I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients
to my FreeIPA Server. The custom sudo rule added by me also works for
the users assigned to the rule.
The first login attempt as well as sudo access works fine. However, if
the user logs in later or after a few days, the sudo user is not
recognised and in turn the user is getting locked out of the server. I
have tested this and can see that even though there is no failed
attempt by the user on the server, pam_sss is giving an access_denied
error message, which in turn blocks the user forever.
Is there any sort of PAM setting that needs to be applied?
I saw a similar issue, but all our servers are CentOS and required an
update of sudo to fix.
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net