11:47 p.m.
Hello Team,
I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients to my
FreeIPA Server. The custom sudo rule added by me also works for the users
assigned to the rule.
The first login attempt as well as sudo access works fine. However if the
user logins later or after few days, the sudo user is not recognised and
inturn the user is getting locked out of the server. I have tested this and
can see that even though there is no failed attempt by the user on the
server, pam_sss is giving access_denied error message which intunrs blocks
the user for ever.
Is there any sort of pam settings that needs to be applied?
--
Regards,
Alka Murali
5:45 a.m.
On (10/10/17 12:47), Alka Murali via FreeIPA-users wrote:
Hello Team,
I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients to my
FreeIPA Server. The custom sudo rule added by me also works for the users
assigned to the rule.
The first login attempt as well as sudo access works fine. However if the
user logins later or after few days, the sudo user is not recognised and
inturn the user is getting locked out of the server. I have tested this and
can see that even though there is no failed attempt by the user on the
server, pam_sss is giving access_denied error message which intunrs blocks
the user for ever.
Is there any sort of pam settings that needs to be applied?
I would recommend to check following pages:
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
I'm soory but it is not possible to help without more details.
It is impossible it is a bug so you can test with never version of sssd
1.15.x otherwise please file a bug
https://docs.pagure.org/SSSD.sssd/users/reporting_bugs.html
LS
6:47 a.m.
On 10/10/2017 12:47 AM, Alka Murali via FreeIPA-users wrote:
Hello Team,
I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients
to my FreeIPA Server. The custom sudo rule added by me also works for
the users assigned to the rule.
The first login attempt as well as sudo access works fine. However if
the user logins later or after few days, the sudo user is not
recognised and inturn the user is getting locked out of the server. I
have tested this and can see that even though there is no failed
attempt by the user on the server, pam_sss is giving access_denied
error message which intunrs blocks the user for ever.
Is there any sort of pam settings that needs to be applied?
I saw a similar issue, but all our servers are CentOS and required an
update of sudo to fix.
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net
2384
days inactive
2384
days old
freeipa-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Alka Murali -
Lukas Slebodnik -
Mark Haney