EL7.3 Users are in active directory via AD trust with IPA server sudo is configured via files - users in our default "nwra" group can run certain sudo commands, e.g.:
Cmnd_Alias WAKEUP = /sbin/ether-wake * %nwra,%visitor,%ivm ALL=NOPASSWD: WAKEUP However, sometimes when I run sudo /sbin/ether-wake I get prompted for my password. Other times it works fine. I've attached some logs from failed attempt. In particular, these entries: -barry.cora.DNSDOMAIN sssd_be[701]: Got request with the following data -barry.cora.DNSDOMAIN sssd_be[701]: command: SSS_PAM_PREAUTH -barry.cora.DNSDOMAIN sssd_be[701]: domain: ad.DNSDOMAIN -barry.cora.DNSDOMAIN sssd_be[701]: user: USER@ad.DNSDOMAIN -barry.cora.DNSDOMAIN sssd_be[701]: service: sudo -barry.cora.DNSDOMAIN sssd_be[701]: tty: /dev/pts/0 -barry.cora.DNSDOMAIN sssd_be[701]: ruser: USER -barry.cora.DNSDOMAIN sssd_be[701]: rhost: -barry.cora.DNSDOMAIN sssd_be[701]: authtok type: 0 -barry.cora.DNSDOMAIN sssd_be[701]: newauthtok type: 0 -barry.cora.DNSDOMAIN sssd_be[701]: priv: 0 -barry.cora.DNSDOMAIN sssd_be[701]: cli_pid: 2860 -barry.cora.DNSDOMAIN sssd_be[701]: logon name: not set -barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' -barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved -barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 -barry.cora.DNSDOMAIN krb5_child[2869]: cmd [249] uid [22603] gid [22603] validate [true] enterprise principal [false] offline [false] UPN [u...@ad.nwra.com] -barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_FAST_PRINCIPAL is set to [host/barry.cora.dnsdom...@nwra.com] -barry.cora.DNSDOMAIN krb5_child[2869]: FAST TGT is still valid. -barry.cora.DNSDOMAIN krb5_child[2869]: Trying to become user [22603][22603]. -barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. -barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_LIFETIME] from environment. -barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_CANONICALIZE is set to [true] -barry.cora.DNSDOMAIN krb5_child[2869]: Cannot handle password prompts. -barry.cora.DNSDOMAIN krb5_child[2869]: Received error code 0 -barry.cora.DNSDOMAIN sssd_be[701]: child [2869] finished successfully. -barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working' -barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working' -barry.cora.DNSDOMAIN sssd_be[701]: connection is about to expire, releasing it -barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' -barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved -barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 -barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' -barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved -barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 -barry.cora.DNSDOMAIN ldap_child[2889]: Will run as [0][0]. -barry.cora.DNSDOMAIN ldap_child[2889]: Trying to become user [0][0]. -barry.cora.DNSDOMAIN ldap_child[2889]: Already user [0]. -barry.cora.DNSDOMAIN ldap_child[2889]: Principal name is: [host/barry.cora.dnsdom...@nwra.com] -barry.cora.DNSDOMAIN ldap_child[2889]: Using keytab [MEMORY:/etc/krb5.keytab] -barry.cora.DNSDOMAIN ldap_child[2889]: Will canonicalize principals -barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 -barry.cora.DNSDOMAIN sssd_be[701]: expire timeout is 900 -barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 -barry.cora.DNSDOMAIN sssd_be[701]: Executing sasl bind mech: GSSAPI, user: host/barry.cora.DNSDOMAIN -barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 -barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 2 -barry.cora.DNSDOMAIN sssd_be[701]: child [2889] finished successfully. -barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working' -barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working' -barry.cora.DNSDOMAIN sssd_be[701]: No host groups were dereferenced -barry.cora.DNSDOMAIN sssd_be[701]: Received 0 additional command groups -barry.cora.DNSDOMAIN sssd_be[701]: Received 0 sudo rules -barry.cora.DNSDOMAIN sssd_be[701]: SUDO higher USN value: [1] -barry.cora.DNSDOMAIN sudo[2860]: USER : command not allowed ; TTY=pts/0 ; PWD=/export/home/USER/fedora/fail2ban ; USER=root ; COMMAND=/sbin/ether-wake -i eth0 00:25:64:e0:05:fa seem to appear in the failed attempt but not a successful one. -- Orion Poplawski Technical Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com
Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Received client version [1]. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Offered version [1]. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: name 'USER' matched without domain, user is USER Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Requesting info for [USER@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Cannot find info for [USER@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null). Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #0]: Requesting info for [USER@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(dataExpireTimestamp<=1485548743)(|(name=defaults)(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)(sudoUser=+*)))] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(name=defaults))] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Received client version [1]. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Offered version [1]. Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'root' matched without domain, user is root Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [root] from [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'nwra' matched without domain, user is nwra Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra] from [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=nwra@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [nwra@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: name 'ivm' matched without domain, user is ivm Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm] from [ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm@ad.DNSDOMAIN] Jan 27 13:25:43 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=ivm@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null). Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [ivm@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: name 'visitor' matched without domain, user is visitor Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor] from [ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x2][BE_REQ_GROUP][1][name=visitor@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null). Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Requesting info for [visitor@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: name 'USER' matched without domain, user is USER Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: using default domain [ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Requesting info for [USER@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Cannot find info for [USER@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null). Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Cache Request [Initgroups by name #1]: Requesting info for [USER@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(dataExpireTimestamp<=1485548744)(|(name=defaults)(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)(sudoUser=+*)))] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN)))] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_sudo[772]: Searching sysdb with [(&(objectClass=sudoRule)(sudoUser=+*)(!(|(sudoUser=ALL)(sudoUser=USER@ad.DNSDOMAIN)(sudoUser=#22603)(sudoUser=%wireless\20access@ad.DNSDOMAIN)(sudoUser=%andreas\20admins@ad.DNSDOMAIN)(sudoUser=%heimdall\20users@ad.DNSDOMAIN)(sudoUser=%pirep\20rd\20users@ad.DNSDOMAIN)(sudoUser=%domain\20users@ad.DNSDOMAIN)(sudoUser=%nwra-users@ad.DNSDOMAIN)(sudoUser=%ivmgroup@ad.DNSDOMAIN)(sudoUser=%boulder@ad.DNSDOMAIN)(sudoUser=%USER@DNSDOMAIN)(sudoUser=%nwra@DNSDOMAIN))))] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request for [0x3][BE_REQ_INITGROUPS][1][name=USER@ad.DNSDOMAIN] Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ldap_extended_operation result: No such object(32), (null). Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n exop request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: s2n get_fqlist request failed. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_nss[771]: Unknown domain (ad.DNSDOMAIN) requested by provider Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Got request with the following data Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: command: SSS_PAM_PREAUTH Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: domain: ad.DNSDOMAIN Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: user: USER@ad.DNSDOMAIN Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: service: sudo Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: tty: /dev/pts/0 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: ruser: USER Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: rhost: Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: authtok type: 0 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: newauthtok type: 0 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: priv: 0 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: cli_pid: 2860 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: logon name: not set Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: cmd [249] uid [22603] gid [22603] validate [true] enterprise principal [false] offline [false] UPN [u...@ad.nwra.com] Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_FAST_PRINCIPAL is set to [host/barry.cora.dnsdom...@nwra.com] Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: FAST TGT is still valid. Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Trying to become user [22603][22603]. Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_LIFETIME] from environment. Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_CANONICALIZE is set to [true] Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Cannot handle password prompts. Jan 27 13:25:44 barry.cora.DNSDOMAIN krb5_child[2869]: Received error code 0 Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: child [2869] finished successfully. Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working' Jan 27 13:25:44 barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working' Jan 27 13:25:45 barry.cora.DNSDOMAIN sssd_be[701]: connection is about to expire, releasing it Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA' Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN: [10.0.1.74] TTL 86400 Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Will run as [0][0]. Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Trying to become user [0][0]. Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Already user [0]. Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Principal name is: [host/barry.cora.dnsdom...@nwra.com] Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Using keytab [MEMORY:/etc/krb5.keytab] Jan 27 13:25:51 barry.cora.DNSDOMAIN ldap_child[2889]: Will canonicalize principals Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: expire timeout is 900 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Executing sasl bind mech: GSSAPI, user: host/barry.cora.DNSDOMAIN Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 2 Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: child [2889] finished successfully. Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server 'ipa1.DNSDOMAIN' as 'working' Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working' Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: No host groups were dereferenced Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Received 0 additional command groups Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: Received 0 sudo rules Jan 27 13:25:51 barry.cora.DNSDOMAIN sssd_be[701]: SUDO higher USN value: [1] Jan 27 13:25:54 barry.cora.DNSDOMAIN sudo[2860]: USER : command not allowed ; TTY=pts/0 ; PWD=/export/home/USER/fedora/fail2ban ; USER=root ; COMMAND=/sbin/ether-wake -i eth0 00:25:64:e0:05:fa Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Terminating request info for all accounts Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Terminating request info for all groups Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_nss[771]: Client disconnected! Jan 27 13:25:54 barry.cora.DNSDOMAIN sssd_sudo[772]: Client disconnected!
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
