Rob Owens wrote: > I replaced libpam-ldap with libpam-ldapd and now sudo and su are both > working. Not sure why, but I"ll dig into it if I get some time.
Glad to hear that it is working. I am not an ldap expert so don't
know either.
I am going to comment on your previous anyway.
> But I'll give sudo-ldap a try if I can't get this working.
sudo-ldap is just for using /etc/sudoers from ldap storage. If you
aren't using it then it won't matter.
> > Check 'sudo -l' to list the user's sudo status dump?
>
> User rob may run the following commands on this host:
> (ALL) ALL
That doesn't seem sufficient for Wheezy. I don't see secure_path in
that output for example.
I don't have a pristine example but here is one from a machine of mine
with some customization to it.
Matching Defaults entries for rwp on this host:
env_reset, env_keep+=HOME, env_keep+=MAIL, !lecture, !fqdn,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User rwp may run the following commands on this host:
(ALL) ALL
Since I don't see secure_path in your output I worry that it is
missing. That will cause PATH to be incorrect. This is a change from
Squeeze 6 to Wheezy 7.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639841
Bob
signature.asc
Description: Digital signature
