[Bug 1686544] Re: sudo fails to retrieve groups in sudoUser
quess
1686544 at bugs.launchpad.net
Sat May 6 15:03:49 UTC 2017
In the link posted above, the OP solves the problem by adding objectClass: posixgroup to his groups.
In my case, they already are "posix-ified".
But, I finally made my sudorules to work by turning
use_fully_qualified_names = False.
Summary:
use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1 => OK
use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1.3 => NOK
use_fully_qualified_names = False + sudo 1.8.16-0ubuntu1.3 => OK
Remaining problems:
sudoUser=%#gid is not retrieved
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1686544
Title:
sudo fails to retrieve groups in sudoUser
Status in sudo package in Ubuntu:
New
Bug description:
Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules,
groups are not resolved since last update.
I troubleshooted :
- sudo with all at debug
- sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9
- LDAP requests are correctly sent, and I can obtain correct rules
- SSSD cache is correctly stored too, I can successfully ldbsearch into!
I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo
(1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo
1.8.19, with no luck.
Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: ALL
Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: #uid
Broken since 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: %mygroup
Broken in 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: myuser
Patch sssd-doesnt-handle-netgroups.diff seems to break something...
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions
More information about the foundations-bugs
mailing list