Description of problem:
If /etc/nsswitch.conf already has sudoers entry with sss, ipa-client-install should not add another entry to the line. However, it does:
sudoers: files sss sss
This can lead to sudo hanging like in bug #1147498.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. setup IPA server to test against
2. echo "sudoers: files sss" >> /etc/nsswitch.conf
4. grep sudoer /etc/nsswitch.conf
2 sss entries on line.
1 sss entry on line.
Thanks for report. I see downstream patch missing this part in configure_nsswitch_database:
# Make sure no service is added if already mentioned in the list
added_services = [s for s in services
if s not in configured_services]
We should fix this one in next release, given it is causing problems.
Verified on ipa-client-3.0.0-45.el6.x86_64:
[root@idm-qe-03 yum.repos.d]# echo "sudoers: files sss" >> /etc/nsswitch.conf
[root@idm-qe-03 yum.repos.d]# ipa-client-install
Discovery was successful!
DNS Domain: testrelm.test
IPA Server: idm-qe-01.testrelm.test
Client configuration complete.
[root@idm-qe-03 yum.repos.d]# grep sudoer /etc/nsswitch.conf
sudoers: files sss
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.