Description of problem:
After the last update, sudo does not work if it gets its access rights information from LDAP. The LDAP logs contain absolutely no requests from the client about sudo access for the current user who tries to run sudo. The client logs say "user NOT in sudoers".

Version-Release number of selected component (if applicable):
1.7.1-2.fc10

How reproducible:
Try to run sudo

Steps to Reproduce:
1. Update sudo to version 1.7.1-2.fc10
2. sudo

Actual results:
2009-06-18T18:16:37.379646+04:00 host sudo: pam_krb5[31872]: authentication succeeds for 'user' (user)
2009-06-18T18:16:37.437684+04:00 host sudo: user : user NOT in sudoers ; TTY=pts/11 ; PWD=/home/user/ ; USER=root ; COMMAND=/bin/ls
If I downgrade sudo to 1.6.9p17-2.fc10, the component works correctly.
Could you please test this http://koji.fedoraproject.org/koji/taskinfo?taskID=1429435 build?
The same here, but on F11 x86_64. Latest, not working: sudo-1.7.1-2.fc11.x86_64 (Koji); working: sudo-1.6.9p17-6.fc11.x86_64. How do I get those RPMs from the link?
sudo-1.7.1-4.fc11 from Koji still not working.
Any news?
Hi, sorry for the delay. I found this entry in the 1.7.0 vs. 1.6.9 ChangeLog. It may be related to your problem:

Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify the sudoers order. E.g.:

    sudoers: ldap files

to check LDAP, then /etc/sudoers. The default is files, even when LDAP support is compiled in. This differs from sudo 1.6 where LDAP was always consulted first.

Do you have this entry in /etc/nsswitch.conf?
After adding the string "sudoers: ldap files" to /etc/nsswitch.conf, sudo-1.7.1-4.fc11.x86_64 works fine for me now. Thank you, Daniel.
(In reply to comment #6)
> Hi, sorry for the delay. I found this entry in the 1.7.0 vs. 1.6.9 ChangeLog.
> It may be related to your problem:
>
> Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify
> the sudoers order. E.g.:
>
> sudoers: ldap files
>
> to check LDAP, then /etc/sudoers. The default is files, even when LDAP support
> is compiled in. This differs from sudo 1.6 where LDAP was always consulted
> first.
>
> Do you have this entry in /etc/nsswitch.conf?

No, I don't have it. After adding this entry and upgrading to sudo-1.7.1-4.fc10.i386, everything works fine! Thanks!
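
The ChangeLog entry quoted in this thread can be turned into a pre-upgrade check that reports which sudoers sources a host will consult. This is an added example, not part of the bug report or of sudo itself; the function names are hypothetical, and treating the first `sudoers:` line as the effective one, skipping bracketed action items, and falling back to `files` for an unreadable file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the sudoers lookup order for sudo 1.7 and later.

# Print the source order from the first "sudoers:" line of an
# nsswitch.conf-style file; print "files" (the 1.7 default quoted in the
# thread) when no such line exists.
sudoers_sources() {
    conf=${1:-/etc/nsswitch.conf}
    [ -r "$conf" ] || { echo files; return 0; }   # assumption: unreadable => default
    awk '
        { sub(/#.*/, ""); line = tolower($0) }    # drop comments, fold case
        line ~ /^[ \t]*sudoers:/ {
            sub(/^[ \t]*sudoers:/, "", line)
            n = split(line, tok)
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^\[/) continue      # skip items like [NOTFOUND=return]
                out = out (out == "" ? "" : " ") tok[i]
            }
            found = 1
            exit
        }
        END { print (found && out != "" ? out : "files") }
    ' "$conf"
}

# Return 0 if LDAP appears in the order; otherwise warn about the symptom
# seen in this report (centrally managed rules silently ignored).
check_sudoers_ldap() {
    order=$(sudoers_sources "$1")
    case " $order " in
        *" ldap "*) echo "OK: sudoers order is '$order'"; return 0 ;;
        *) echo "WARN: sudoers order is '$order'; LDAP sudoers are never queried"
           return 1 ;;
    esac
}

# Constructed sample: a config with no sudoers entry, as on the reporter's host.
sample=$(mktemp)
printf 'passwd: files ldap\ngroup: files ldap\n' > "$sample"
check_sudoers_ldap "$sample" || true
rm -f "$sample"
```

Running `check_sudoers_ldap /etc/nsswitch.conf` across a fleet before moving from 1.6 to 1.7 shows which hosts would stop consulting LDAP sudoers.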