On 23/04/14 10:50, Chris Hayes wrote:
On Wed, Apr 23, 2014 at 10:01 AM, Jakub Hrozek <jhrozek@redhat.com> wrote:
On Tue, Apr 22, 2014 at 10:52:23PM +0100, Chris Hayes wrote:
> I have SSSD (1.8.4) working fine on Debian Wheezy system, with an LDAP
> backend for users and groups. However, I'm having a problem with sudo.
>
> My sudoers configuration file has the following line in it:
>
> %sudo   ALL=(ALL:ALL) ALL
>
> And my LDAP (via SSSD) user is in that "sudo" group (its UID is in the
> /etc/group file for group sudo, and getent shows this fine).
>
> sudo:x:27:9009
>
> However, when I run a sudo command, I receive the following error:
>
> chris is not in the sudoers file. This incident will be reported.
>
> Can someone help me to understand why this might be happening?
>
> Chris

If you run 'id user' do you see him as a member of the sudo group?

 uid=9009(chris) gid=9001(chris) groups=9001(chris)

OK, I see that it's not picking up that sudo group.

IIRC the functionality for an LDAP user to be a member of a UNIX group
was added sometime in 1.9.

I have an LDAP group though, and this also doesn't show in the id output. Is this also an issue with the pre-1.9 releases?

admins:*:9000:9009

Kind regards,
Chris


_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Hi, I think this may be down to the same problem as the Autofs problem recently. Does the version of sudo that the OP is using know about sssd? It wasn't until version 1.8.6 on Ubuntu that this worked (they patched it to build with sssd if ldap was disabled).

Rowland