After logging in with an LDAP account and running (sudo -l), I receive a command not found error, and the second time it works.
When it is run the first time, the secure log file always shows "command not allowed", and when sudo -l is run again a second time, it works fine.
The sudo -l command needs to run successfully on the first attempt.
[root@unipaynextmapp215 home]# uname -r
3.10.0-1127.el7.x86_64
[root@unipaynextmapp215 home]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@unipaynextmapp215 home]# rpm -q ipa-client
ipa-client-4.6.6-11.el7.centos.x86_64
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.

Aug 11 15:32:13 unipaynextmapp215 sshd[16437]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.100.194 user=testuser
Aug 11 15:32:13 unipaynextmapp215 sshd[16432]: Accepted keyboard-interactive/pam for testuser from 10.10.100.194 port 63636 ssh2
Aug 11 15:32:13 unipaynextmapp215 sshd[16432]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Aug 11 15:32:20 unipaynextmapp215 sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=709800010 euid=0 tty=/dev/pts/1 ruser=testuser rhost= user=testuser
Aug 11 15:32:21 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:32:39 unipaynextmapp215 sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=709800010 euid=0 tty=/dev/pts/1 ruser=testuser rhost= user=testuser
Aug 11 15:32:39 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:32:44 unipaynextmapp215 sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=709800010 euid=0 tty=/dev/pts/1 ruser=testuser rhost= user=testuser
Aug 11 15:32:44 unipaynextmapp215 sudo: testuser : TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:36:40 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:36:53 unipaynextmapp215 sudo: testuser : TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html
Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
This is not an issue in FreeIPA itself. If you want to figure it out, please use the SSSD users mailing list and talk to SSSD developers because 'sudo' is using a module provided by SSSD and it is, in general, not related to how the rules are stored at the LDAP server in question.
Metadata Update from @abbra:
- Issue close_status updated to: invalid
- Issue status updated to: Closed (was: Open)
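An added example, not part of the original ticket and not FreeIPA or SSSD code: a parser for the sudo lines shown in the report that flags a "command not allowed" entry followed shortly by an identical request that succeeds, which helps separate this first-attempt failure from genuine policy denials when reviewing the secure log. The function name `find_flips`, the 60-second window and the placeholder year (syslog timestamps carry none) are assumptions.

```python
import re
from datetime import datetime

# Sample input: sudo-related lines copied from the log excerpt in the report.
SAMPLE = """\
Aug 11 15:32:20 unipaynextmapp215 sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=709800010 euid=0 tty=/dev/pts/1 ruser=testuser rhost= user=testuser
Aug 11 15:32:21 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:32:39 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:32:44 unipaynextmapp215 sudo: testuser : TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:36:40 unipaynextmapp215 sudo: testuser : command not allowed ; TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
Aug 11 15:36:53 unipaynextmapp215 sudo: testuser : TTY=pts/1 ; PWD=/home/testuser ; USER=root ; COMMAND=list
"""

# sudo's own audit line: "<user> : [<error> ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo: +(?P<user>\S+) : "
    r"(?:(?P<err>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

def find_flips(lines, window_s=60, year=2000):
    """Return denied-then-allowed sequences for the same host/user/TTY/command.

    window_s and year are assumptions: syslog omits the year, so a
    placeholder is used only to compute time differences.
    """
    pending, flips = {}, []
    for line in lines:
        m = SUDO_RE.match(line)
        if not m:
            continue  # pam_sss, sshd and other non-audit lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["user"], m["tty"], m["runas"], m["cmd"])
        if m["err"] == "command not allowed":
            pending.setdefault(key, []).append(ts)
        elif m["err"] is None:  # request was allowed
            recent = [d for d in pending.pop(key, [])
                      if (ts - d).total_seconds() <= window_s]
            if recent:
                flips.append({
                    "user": m["user"], "command": m["cmd"],
                    "denials": len(recent),
                    "retry_delay_s": int((ts - recent[-1]).total_seconds()),
                })
    return flips

if __name__ == "__main__":
    for flip in find_flips(SAMPLE.splitlines()):
        print(flip)
```

Denials that are never followed by an allowed retry inside the window are not reported, so they remain visible as ordinary policy denials.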