On Wed, Apr 23, 2014 at 1:37 PM, Rowland Penny <repenny241155(a)gmail.com>wrote:
On 23/04/14 10:50, Chris Hayes wrote:
On Wed, Apr 23, 2014 at 10:01 AM, Jakub Hrozek <jhrozek(a)redhat.com>wrote:
> On Tue, Apr 22, 2014 at 10:52:23PM +0100, Chris Hayes wrote:
> > I have SSSD (1.8.4) working fine on Debian Wheezy system, with an LDAP
> > backend for users and groups. However, I'm having a problem with sudo.
> >
> > My sudoers configuration file has the line following line in it:
> >
> > %sudo ALL=(ALL:ALL) ALL
> >
> > And my LDAP (via SSSD) user is in that "sudo" group (its UID is in
the
> > /etc/group file for group sudo, and getent shows this fine).
> >
> > sudo:x:27:9009
> >
> > However, when I run a sudo command, I receive the following error:
> >
> > chris is not in the sudoers file. This incident will be reported.
> >
> > Can someone help me to understand why this might be happening?
> >
> > Chris
>
> If you run 'id user' do you see him as a member of the sudo group?
>
uid=9009(chris) gid=9001(chris) groups=9001(chris)
OK, I see that it's not picking up that sudo group.
IIRC the functionality for an LDAP user to be a member of a UNIX group
> was added sometimes in 1.9..
>
I have an LDAP group though, and this also doesn't show in the id
output. Is this also an issue with the pre-1.9 releases?
admins:*:9000:9009
Kind regards,
Chris
_______________________________________________
sssd-users mailing
listsssd-users@lists.fedorahosted.orghttps://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi, I think this may be down to the same problem as the Autofs problem
recently, does the version of sudo that the OP is using know about sssd ??
It wasn't until version 1.8.6 on Ubuntu that this worked (they patched it
to build with sssd if ldap was disabled)
Rowland
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users