Comment 0 for bug 1607666

Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details.

This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS.