User is not allowed to run sudo on server.  This incident will be reported.

Receiving the following when using FreeIPA to manage sudo rules?

-sh-4.2$ sudo su -
[sudo] password for tom@mds.xyz: 
tom@mds.xyz is not allowed to run sudo on idmipa04.  This incident will be reported.
-sh-4.2$

On a working node:

# ipa-compat-manage status
Directory Manager password: 

Plugin Enabled

and on a non-working node:

# ipa-compat-manage status
Directory Manager password: 

Plugin Disabled
# ipa-compat-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

# ipa-compat-manage status
Directory Manager password: 

Plugin Disabled

Enable the plugin:

# ipa-compat-manage enable
Directory Manager password: 

Enabling plugin
This setting will not take effect until you restart Directory Server.
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
#

Then try the sudo to root again. All sudo rules should be visible using the following commands:

ldapsearch -Y GSSAPI -b "dc=mws,dc=mds,dc=xyz" dn | grep -Ei sudo | grep -v "#"

ipa sudorule-find All

on both servers. Verify on clients; if sudo is still denied there, clear the SSSD cache and restart sssd:

$ sudo su -
[sudo] password for tom@mds.xyz: 
tom@mds.xyz is not allowed to run sudo on azure-r01wn01.  This incident will be reported.
$ su -
Password: 
Last login: Thu Jan 28 21:53:55 EST 2021 on pts/0
[root@azure-r01wn01 ~]# systemctl restart sssd^C
[root@azure-r01wn01 ~]# rm -f /var/lib/sss/db/*
[root@azure-r01wn01 ~]# systemctl restart sssd
[root@azure-r01wn01 ~]# logout
$ sudo su -
[sudo] password for tom@mds.xyz: 
Last login: Fri Jan 29 00:51:40 EST 2021 on pts/1
[root@azure-r01wn01 ~]# 

Thanks,
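
Added example (not part of the original post): a shell helper that reads the output of the ldapsearch command above and counts sudo rule entries in the native IPA tree versus the compat view, so the working and non-working servers can be compared directly. It assumes compat rules appear under ou=sudoers,<suffix> and native rules under cn=sudorules,cn=sudo,<suffix>; the function names and the sample LDIF are constructed.

```shell
#!/bin/sh
# Added example. Assumption: compat rules appear under ou=sudoers,<suffix>;
# native IPA rules are stored under cn=sudorules,cn=sudo,<suffix>.

# Print the DN of every entry, unfolding LDIF continuation lines
# (ldapsearch wraps long lines; a leading space continues the previous one).
ldif_dns() {
    awk '
        /^ /    { if (have) cur = cur substr($0, 2); next }
        have    { print cur; have = 0 }
        /^dn: / { cur = substr($0, 5); have = 1 }
        END     { if (have) print cur }
    '
}

# Read ldapsearch output on stdin, print "native=<n> compat=<n>".
# Returns 1 when native rules exist but the compat view is empty.
sudo_tree_summary() {
    dns=$(ldif_dns | tr 'A-Z' 'a-z')
    native=$(printf '%s\n' "$dns" | grep -c ',cn=sudorules,cn=sudo,' || true)
    compat=$(printf '%s\n' "$dns" | grep -c ',ou=sudoers,' || true)
    echo "native=$native compat=$compat"
    [ "$native" -eq 0 ] || [ "$compat" -gt 0 ]
}

# Constructed sample output (not captured from a real server).
sample_working() {
    cat <<'EOF'
# extended LDIF
dn: cn=sudo,dc=mws,dc=mds,dc=xyz

dn: ipaUniqueID=11111111-2222-3333-4444-555555555555,cn=sudorules,cn=sudo,dc=m
 ws,dc=mds,dc=xyz

dn: ou=sudoers,dc=mws,dc=mds,dc=xyz

dn: cn=All,ou=sudoers,dc=mws,dc=mds,dc=xyz

EOF
}
# Same directory with the compat plugin disabled: no ou=sudoers entries.
sample_broken() { sample_working | grep -v 'ou=sudoers'; }

# Live use: ldapsearch -Y GSSAPI -b "dc=mws,dc=mds,dc=xyz" dn | sudo_tree_summary
```

A non-zero return on one server while the other returns zero points at the compat plugin state rather than at the rules themselves.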
