User is not allowed to run sudo on server. This incident will be reported.
Receiving the following error when using FreeIPA to manage sudo rules?
-sh-4.2$ sudo su -
[sudo] password for tom@mds.xyz:
tom@mds.xyz is not allowed to run sudo on idmipa04. This incident will be reported.
-sh-4.2$
On a working node:
# ipa-compat-manage status
Directory Manager password:
Plugin Enabled
and on a non-working node:
# ipa-compat-manage status
Directory Manager password:
Plugin Disabled
# ipa-compat-manage enable
Directory Manager password:
Enabling plugin
This setting will not take effect until you restart Directory Server.
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
#
Then try sudo to root again. All sudo rules should be visible on both servers using the following commands:
ldapsearch -Y GSSAPI -b "dc=mws,dc=mds,dc=xyz" dn | grep -Ei sudo | grep -v "#"
ipa sudorule-find All
Verify on clients:
$ sudo su -
[sudo] password for tom@mds.xyz:
tom@mds.xyz is not allowed to run sudo on azure-r01wn01. This incident will be reported.
$ su -
Password:
Last login: Thu Jan 28 21:53:55 EST 2021 on pts/0
[root@azure-r01wn01 ~]# systemctl restart sssd^C
[root@azure-r01wn01 ~]# rm -f /var/lib/sss/db/*
[root@azure-r01wn01 ~]# systemctl restart sssd
[root@azure-r01wn01 ~]# logout
$ sudo su -
[sudo] password for tom@mds.xyz:
Last login: Fri Jan 29 00:51:40 EST 2021 on pts/1
[root@azure-r01wn01 ~]#
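The checks above are done by hand on one replica at a time. The script below is an added example (not part of the original post) that parses the same command output so the same checks can be applied to every IPA replica at once: it reads the `Plugin Enabled`/`Plugin Disabled` line from `ipa-compat-manage status`, counts the sudo rule entries that the ldapsearch pipeline above would show, and prints (but does not run) the enable-and-restart remediation for any replica where the plugin is off. The replica names other than idmipa04, the sample output strings, and the compat subtree base `ou=sudoers,<suffix>` (where the schema compat plugin publishes sudo rules) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Host names, sample output and
# the compat subtree base (ou=sudoers,<suffix>) are assumptions.

# Extract "Enabled" / "Disabled" from the text of `ipa-compat-manage status` ($1).
# Prints "Unknown" when no such line is present (e.g. wrong password, truncated output).
compat_state() {
    printf '%s\n' "$1" | awk '
        /^Plugin (Enabled|Disabled)$/ { print $2; found = 1 }
        END { if (!found) print "Unknown" }'
}

# Count rule entries (dn: cn=<rule>,<base>) in `ldapsearch ... dn` output ($1)
# that sit directly under base ($2). LDIF comment lines are dropped first,
# matching the `grep -v "#"` step of the pipeline above.
compat_sudo_rule_count() {
    n=$(printf '%s\n' "$1" | grep -v '^#' | grep -ic "^dn: cn=[^,]*,$2\$") || true
    printf '%s\n' "${n:-0}"
}

# One-line verdict per replica ($1 = name, $2 = status output).
# The remediation from the post is printed for the operator, not executed.
report_replica() {
    state=$(compat_state "$2")
    case $state in
        Enabled)  printf '%s: compat plugin enabled\n' "$1" ;;
        Disabled) printf '%s: compat plugin DISABLED - run there: ipa-compat-manage enable && ipactl restart\n' "$1" ;;
        *)        printf '%s: could not determine plugin state\n' "$1" ;;
    esac
}

# --- constructed sample data (assumption; shaped like the real command output) ---
STATUS_OK='Directory Manager password:
Plugin Enabled'
STATUS_BAD='Directory Manager password:
Plugin Disabled'
LDAP_DNS='# extended LDIF
#
# LDAPv3
# base <dc=mws,dc=mds,dc=xyz> with scope subtree
#
dn: cn=sudorules,cn=sudo,dc=mws,dc=mds,dc=xyz

dn: cn=All,cn=sudorules,cn=sudo,dc=mws,dc=mds,dc=xyz

dn: ou=sudoers,dc=mws,dc=mds,dc=xyz

dn: cn=All,ou=sudoers,dc=mws,dc=mds,dc=xyz

dn: cn=defaults,ou=sudoers,dc=mws,dc=mds,dc=xyz'

main() {
    # "replica-ok" is a placeholder name; idmipa04 is the host from the post.
    report_replica replica-ok "$STATUS_OK"
    report_replica idmipa04 "$STATUS_BAD"
    printf 'sudo rules in native tree:  %s\n' \
        "$(compat_sudo_rule_count "$LDAP_DNS" "cn=sudorules,cn=sudo,dc=mws,dc=mds,dc=xyz")"
    printf 'sudo rules in compat tree:  %s\n' \
        "$(compat_sudo_rule_count "$LDAP_DNS" "ou=sudoers,dc=mws,dc=mds,dc=xyz")"
}

main "$@"
```

In use, replace the sample strings with the real output captured from each replica (for example via `ssh replica 'ipa-compat-manage status'` and the ldapsearch command from the post). A replica whose native tree lists rules but whose compat tree count is zero, or whose plugin state is Disabled, is the one that will produce the "is not allowed to run sudo" denial on clients pointed at it; the client-side sssd cache flush shown above is still needed after the server is fixed, because sssd caches the negative result.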
Thanks,