Hi, I have configured sudoers in my environment. But when I try to execute a command using sudo, the commands fails to get executed saying “sysadmin is not in the
sudoers file. This incident will be reported.” . I am using sysadmin account as mentioned in the below sudoers ldif file. login as: sysadmin sysadmin@10.150.14.144's password: Last login: Mon Aug 29 14:58:50 2011 from 10.150.10.158 Could not chdir to home directory /home/sysadmin: No such file or directory -bash-3.2$ sudo ls [sudo] password for sysadmin: sysadmin is not in the sudoers file. This incident will be reported. -bash-3.2$ sudo -V Sudo version 1.7.2p1 -bash-3.2$ sudo -l [sudo] password for sysadmin: Sorry, user sysadmin may not run sudo on devonly144. -bash-3.2 On
Server the sudoers file is /etc/openldap/slapd.conf include /usr/share/openldap2.4/schema/sudo.schema index sudoUser eq /etc/openldap/ldap.conf sudoers_base ou=SUDOers,dc=comverse-in,dc=com sudoers.ldif # SUDOers, comverse-in.com dn: ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: organizationalUnit ou: SUDOers dn: cn=defaults,ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here sudoOption: syslog=auth dn: cn=root,ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: sudoRole cn: root sudoUser: root sudoUser: sysadmin sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL dn: cn=%wheel,ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL dn: cn=operator,ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: sudoRole cn: operator sudoUser: operator sudoHost: ALL sudoCommand: /usr/sbin/dump sudoCommand: /usr/sbin/rdump sudoCommand: /usr/sbin/restore sudoCommand: /usr/sbin/rrestore sudoCommand: /usr/bin/mt sudoCommand: /usr/bin/kill sudoCommand: /usr/sbin/shutdown sudoCommand: /usr/sbin/halt sudoCommand: /usr/sbin/reboot sudoCommand: /usr/sbin/lpc sudoCommand: /usr/bin/lprm sudoCommand: sudoedit /etc/printcap sudoCommand: /usr/oper/bin/ dn: cn=ALL,ou=SUDOers,dc=comverse-in,dc=com objectClass: top objectClass: sudoRole cn: ALL sudoUser: ALL sudoHost: orion sudoCommand: /sbin/umount /CDROM sudoCommand: /sbin/mount -o nosuid\ sudoCommand: nodev /dev/cd0a /CDROM sudoOption: !authenticate On
client: /etc/ldap.conf sudoers_base ou=SUDOers,dc=comverse-in,dc=com nss_base_passwd ou=People,dc=comverse-in,dc=com?one nss_base_shadow ou=People,dc=comverse-in,dc=com?one nss_base_group ou=Group,dc=comverse-in,dc=com?one /etc/pam.d/login #%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth include system-auth auth required pam_securetty.so auth sufficient pam_ldap.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_nologin.so account include system-auth account sufficient pam_ldap.so account required pam_stack.so service=system-auth password include system-auth password sufficient pam_ldap.so password required pam_stack.so service=system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session include system-auth session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open session optional pam_keyinit.so force revoke session sufficient pam_ldap.so session required pam_stack.so service=system-auth session optional pam_console.so session required /lib/security/pam_limits.so /etc/nsswitch.conf passwd: ldap files shadow: ldap files group: ldap files Thanks and Regards, Naga Chaitanya =============================================================================== Please refer to http://www.aricent.com/legal/email_disclaimer.html for important disclosures regarding this electronic communication. =============================================================================== |