sudo fails to retrieve groups in sudoUser
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update.
I troubleshooted :
- sudo with all@debug
- sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9
- LDAP requests are correctly sent, and I can obtain correct rules
- SSSD cache is correctly stored too, I can successfully ldbsearch into!
I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck.
Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: ALL
Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: #uid
Broken since 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: %mygroup
Broken in 1.8.16-0ubuntu1.3:
sudoCommand: /bin/mount
sudoHost: ALL
sudoUser: myuser
Patch sssd-doesnt-
reported here too : https:/ /www.redhat. com/archives/ freeipa- users/2017- May/msg00033. html