[sudo-users] sudo does not work....
Mahajan, Mudit
Mudit.Mahajan at rbccm.com
Mon Feb 25 19:06:15 EST 2008
Hello Everyone,
Can anyone help me out to explain as what does sudo_ldap_check means, I
believe my authentication to LDAP works right but still why type my own
password it does not work. I can login using ssh directly to the box
with my username without any issues...
Thanks and Rgds,
Mudit
sudo -i AAAAAAAAA
LDAP Config Summary
===================
host XXX.XXX.XXX.XXX
port XXX
ldap_version 3
sudoers_base ou=somesudo,dc=somewhere,dc= somewhere,dc=com
binddn cn=someagent,ou=somesudo,dc= somewhere,dc= somewhere,dc=com
bindpw XXXXXXX
bind_timelimit 10
timelimit 30
===================
ldap_set_option(LDAP_OPT_TIMELIMIT,0x1e)
ldap_set_option(LDAP_OPT_X_OPT_CONNECT_TIMEOUT,0x2710)
ldap_init(XXX.XXX.XXX.XXXX,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
no default options found!
ldap search
'(|(sudoUser=AAAAAAAA)(sudoUser=%dev)(sudoUser=%dev)(sudoUser=ALL))'
ldap search 'sudoUser=+*'
found:cn=BBBBBBB,ou=SUDOers,dc= somewhere,dc= somewhere,dc=com
ldap sudoUser netgroup '+BBBBBBB ... MATCH!
ldap sudoHost 'ALL' ... MATCH!
ldap sudoCommand 'ALL' ... MATCH!
ldap sudoRunAs 'root' ... MATCH!
Perfect Matched!
user_matches=-1
host_matches=-1
sudo_ldap_check(0)=0x02
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
______________________________________________________________________
This email is intended only for the use of the individual(s) to whom it is addressed and may be privileged and confidential.
Unauthorised use or disclosure is prohibited.If you receive This e-mail in error, please advise immediately and delete the original message.
This message may have been altered without your or our knowledge and the sender does not accept any liability for any errors or omissions in the message.
More information about the sudo-users
mailing list