Learn more about these different git repos.
Other Git URLs
The long and exhaustive circumstances surrounding this bug report are here: http://serverfault.com/questions/786800/ipa-users-cannot-sudo-on-some-machines-only-including-the-ipa-server?noredirect=1#comment994423_786800
But essentially, sssd does not cache the sudo rules which breaks sudo from working for ipa users on machines which make use of 4.2.0-15.0.1.el7.centos.17.x86_64. This did not happen on a server which was using ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64 until it upgraded the ipa and sss packages.
4.2.0-15.0.1.el7.centos.17.x86_64 is the latest release on centos7, so right now any machine which upgrades sss to the latest will breka sudo from caching into sssd correctly.
this is a manifestation of this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1256849
It seems that enabling the compat tree solved the issue.
This can be closed now (i can't close it myself apparently)
This is a duplicate of #3046. We still can't reproduce it in-house. If you can give us an example of a group and a sudo rule and the matching compat tree output that reproduces the bug, it would be really helpful.
In the meantime, I'm closing this bug. Please feel free to add your comments to #3046.
resolution: => duplicate status: new => closed
Metadata Update from @sirex: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4115
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.