Re: sudo/kerberos problems in F18

> From: John.Florian@xxxxxxxx
>
> I have sudo configured with:
>
> # Allow all members of the sudoers group (in LDAP) to run all commands.
> %sudoers        ALL=(ALL)       NOPASSWD: ALL
>
> I'm a member of the sudoers group, but it is failing to authenticate
> me and this shows up in syslog:
>
> Aug 16 16:04:28 f18test [sssd[krb5_child[16009]]]: Credential cache
> directory /run/user/10325/ccdir does not exist
>
> All but the ccdir does indeed exist.  Seeing krb5 mentioned here, I
> should note that system-auth uses Kerberos against an AD server.

Debugging this a little further, I've manually created the required ccdir directory and made myself its owner.  Running "groups" as myself, I can confirm my membership to the "sudoers" group.  However, sudo still claims "testuser is not in the sudoers file.  This incident will be reported."  The relevant logs capture:

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost=  user=testuser

==> /var/log/audit/audit.log <==
type=USER_AUTH msg=audit(1345210476.895:3118): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="testuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=success'

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser

==> /var/log/audit/audit.log <==
type=USER_ACCT msg=audit(1345210476.896:3119): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="testuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=success'
type=USER_CMD msg=audit(1345210476.897:3120): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/00/testuser" cmd="date" terminal=pts/3 res=failed'

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo:   testuser : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/00/testuser ; USER=root ; ENV=PROPHILE=/var/lib/prophile.d/jflorian GVIMINIT=source /var/lib/prophile.d/jflorian/vim/gvimrc VIMINIT=source /var/lib/prophile.d/jflorian/vim/vimrc ; COMMAND=/bin/date

I'm not sure what else I can do to dig further into why sudo is failing.

--
John Florian


-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
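
An added example, not part of the original post: a Python helper that reads `/var/log/secure` lines like those quoted above and reports whether a sudo refusal came from the PAM authentication stage or from the sudoers policy lookup. The function name `triage` and the stage labels are this example's own; the sample lines are taken from the post with the ENV list dropped.

```python
import re
from collections import defaultdict

# /var/log/secure lines taken from the post above (ENV list dropped for brevity).
SAMPLE = """\
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost=  user=testuser
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
Aug 17 09:34:36 f18test sudo:   testuser : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/00/testuser ; USER=root ; COMMAND=/bin/date
"""

# One PAM module's verdict for the sudo service; \buser= skips the "ruser=" field.
PAM_RE = re.compile(r"sudo: (pam_\w+)\(sudo:auth\): authentication (success|failure);.*\buser=(\S+)")
# sudo's own policy decision, logged after PAM has finished.
DENY_RE = re.compile(r"sudo:\s+(\S+) : user NOT in sudoers ;.*COMMAND=(.*)$")

def triage(log_text):
    """Group sudo events per user and name the stage that refused the command."""
    events = defaultdict(lambda: {"pam": {}, "denied_commands": []})
    for line in log_text.splitlines():
        if m := PAM_RE.search(line):
            module, result, user = m.groups()
            events[user]["pam"][module] = result
        elif m := DENY_RE.search(line):
            user, command = m.groups()
            events[user]["denied_commands"].append(command.strip())
    report = {}
    for user, ev in events.items():
        authed = "success" in ev["pam"].values()
        if ev["denied_commands"] and authed:
            stage = "sudoers-policy"  # identity accepted, rule lookup refused
        elif ev["denied_commands"]:
            stage = "sudoers-policy (no PAM success logged)"
        elif ev["pam"] and not authed:
            stage = "pam-authentication"
        else:
            stage = "none"
        report[user] = {"stage": stage, **ev}
    return report

if __name__ == "__main__":
    for user, info in triage(SAMPLE).items():
        print(user, info)
```

On the sample lines this reports `sudoers-policy` for `testuser`: `pam_sss` accepted the authentication, and the refusal was logged by sudo's policy check.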
