[Bug 1686544] [NEW] sudo fails to retrieve groups in sudoUser

quess 1686544 at bugs.launchpad.net
Wed Apr 26 23:06:24 UTC 2017 

Public bug reported:

Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules,
groups are not resolved since last update.

I troubleshooted :
- sudo with all at debug
- sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9
- LDAP requests are correctly sent, and I can obtain correct rules
- SSSD cache is correctly stored too, I can successfully ldbsearch into!

I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo
(1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo
1.8.19, with no luck.


Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: ALL

Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: #uid

Broken since 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: %mygroup

Broken in 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: myuser


Patch sssd-doesnt-handle-netgroups.diff seems to break something...

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "sssd.conf"
   https://bugs.launchpad.net/bugs/1686544/+attachment/4868405/+files/sssd.conf

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1686544

Title:
  sudo fails to retrieve groups in sudoUser

Status in sudo package in Ubuntu:
  New

Bug description:
  Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules,
  groups are not resolved since last update.

  I troubleshooted :
  - sudo with all at debug
  - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9
  - LDAP requests are correctly sent, and I can obtain correct rules
  - SSSD cache is correctly stored too, I can successfully ldbsearch into!

  I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo
  (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo
  1.8.19, with no luck.

  
  Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
  sudoCommand: /bin/mount
  sudoHost: ALL
  sudoUser: ALL

  Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
  sudoCommand: /bin/mount
  sudoHost: ALL
  sudoUser: #uid

  Broken since 1.8.16-0ubuntu1.3:
  sudoCommand: /bin/mount
  sudoHost: ALL
  sudoUser: %mygroup

  Broken in 1.8.16-0ubuntu1.3:
  sudoCommand: /bin/mount
  sudoHost: ALL
  sudoUser: myuser

  
  Patch sssd-doesnt-handle-netgroups.diff seems to break something...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions

More information about the foundations-bugs mailing list